9bda71055be1d2813b4eb5fb24420c66

Sharing

Copy URL Twitter E-mail

General

Target

9bda71055be1d2813b4eb5fb24420c66
Size

39KB
MD5

9bda71055be1d2813b4eb5fb24420c66
SHA1

db79186de98cf23be8d7624e80e9c83c4e50a02d
SHA256

6ce2e77f93bd9133e50715c105ecf11898690ebd69cc8122ccad674b364c6b1d
SHA512

9b08267a59eb8c114fa05733ac75ea53019a13712b03c30677e64ade2b990ae826365a384bcded636865da3f512b3b472c989d7943be17aa33c8aea0ba040b5a
SSDEEP

384:rjMq1krBa1ZrVPpw2LA8P27BiQSWNtpWEa0AV3FRWVIV6q31al:rjmBa1ZrVm2LAfZPtPaHR1VdI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bda71055be1d2813b4eb5fb24420c66

Files

9bda71055be1d2813b4eb5fb24420c66
.dll regsvr32 windows:4 windows x86 arch:x86

7e94d89ed74ed5942d190a237f68277e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
CloseHandle
ReleaseMutex
GetTickCount
InterlockedDecrement
GetTimeZoneInformation
GetLocalTime
GetWindowsDirectoryA
CreateMutexA
DeleteFileA
HeapReAlloc
HeapFree
GetProcessHeap
CreateProcessA
CompareStringA
SetEndOfFile
WriteFile
SetFilePointer
CreateFileA
DebugBreak
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
GetThreadLocale
DisableThreadLibraryCalls

advapi32

RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

shlwapi

SHDeleteKeyA

user32

CharNextA
wsprintfA

wininet

InternetReadFile
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
HttpQueryInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e94d89ed74ed5942d190a237f68277e

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shlwapi

user32

wininet

Exports

Exports

Sections

UPX0 Size: 32KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 8KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 8KB

.avp
Size: 2KB - Virtual size: 4KB