a2bb96305cddece95619640f5c58be7d

Sharing

Copy URL

Twitter E-mail

General

Target

a2bb96305cddece95619640f5c58be7d
Size

57KB
MD5

a2bb96305cddece95619640f5c58be7d
SHA1

9d98235c34c7366fb4168fe051ba51a0ff3059a1
SHA256

a52d2d092c1e4e90de9eaa2864277bb8b3808e3a500c8f2815ee7204a16154a5
SHA512

06a0840b380a81c3c0bf4b0f4a39a4eb55da6067593926e1c760497019300df374da052303794e8d5e53b28a3f54b434046de50f672eb098f2d8a5d5944d90ab
SSDEEP

768:erqDYqY+uw8Fc5myvd2+EqY5tTt0IUUiM95Z1zvaTZVM:FDYiuDFUmyA+Er5kIVJ9pzM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2bb96305cddece95619640f5c58be7d

Files

a2bb96305cddece95619640f5c58be7d
.exe windows:4 windows x86 arch:x86

72d59f28183fd467e16f513d08f102d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetModuleHandleA
CreatePipe
PeekNamedPipe
ReadFile
SetCurrentDirectoryA
CreateProcessA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetFileTime
SetFileTime
FindNextFileA
FindFirstFileA
FindClose
TerminateProcess
GetFileSize
GetLocalTime
GetPriorityClass
OpenProcess
GetCurrentProcess
DuplicateHandle
GetLastError
LocalFree
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
Process32First
Process32Next
FreeLibrary
GetLogicalDriveStringsA
GetDriveTypeA
GetVolumeInformationA
GetComputerNameA
RemoveDirectoryA
CreateFileA
WriteFile
GetTickCount
GetVersionExA
GetSystemDefaultLangID
OpenMutexA
lstrcmpiA
CloseHandle
ExitProcess
SetEvent
WaitForSingleObject
Sleep
CreateMutexA
CopyFileA
GetSystemDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetModuleFileNameA
CreateThread
CreateEventA
SetFileAttributesA
GetFileAttributesA
CreateDirectoryA

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
SetSecurityInfo
SetEntriesInAclA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetTokenInformation
OpenProcessToken
GetUserNameA
LookupAccountSidA
RegEnumKeyExA
RegEnumValueA

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
swprintf
fwrite
fread
fclose
rename
_strnicmp
sprintf
free
strstr
strchr
atoi
strrchr
time
srand
rand
malloc
__CxxFrameHandler
_controlfp
fseek
fopen
_itoa

shlwapi

SHDeleteKeyA

ws2_32

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72d59f28183fd467e16f513d08f102d2

Headers

File Characteristics

Imports

kernel32

advapi32

mpr

msvcrt

shlwapi

ws2_32

Sections

UPX0 Size: 48KB - Virtual size: 48KB

.rsrc Size: 6KB - Virtual size: 8KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 6KB - Virtual size: 8KB

.avc
Size: 2KB - Virtual size: 4KB