ab1b7a2e62fa8966ebcecbeff785bf52

General

Target

ab1b7a2e62fa8966ebcecbeff785bf52
Size

418KB
MD5

ab1b7a2e62fa8966ebcecbeff785bf52
SHA1

7102b61a31ea0584b8a4d0a756c0d1bf4ba1ad4f
SHA256

3f058e09666f6a1c910c165b3350a11d5630bbbc6975ed4c32d0af44917ab157
SHA512

1e0f1eca2b5d14a8241efe5c3db1ff3071f71acce6d49dd89af12811c5d2ba139d84d416dd7ea34a7c46022f1845c7d21ea2e3d0eaf20921638d2e362b4ec987
SSDEEP

12288:Qbi3AwktZs2WiMJZD4Ex6+EqhXUlj1KUD:V3Awkte2Wi+D4Ex6Ohkj0UD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/lame_enc.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lame_enc.dll
unpack001/mp3cutter.exe
unpack001/mp3dec2.dll

Files

ab1b7a2e62fa8966ebcecbeff785bf52
.rar
lame_enc.dll
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

beCloseStream
beDeinitStream
beEncodeChunk
beInitStream
beVersion
beWriteVBRHeader

Sections

UPX0
Size: - Virtual size: 484KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 126KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mp3cutter.exe
.exe windows:1 windows x86 arch:x86

a05d20b0da117264ab959ac2b67e5148

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

gdi32

UnrealizeObject

ole32

ReleaseStgMedium

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

comdlg32

GetSaveFileNameA

winmm

waveOutWrite

lame_enc

beWriteVBRHeader

mp3dec2

SB_InitMP3

Sections

CODE
Size: 215KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mp3dec2.dll
.dll windows:4 windows x86 arch:x86

19e5df12fe766adaf7cc39c6e32930df

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

CreateWindowExA

Exports

Exports

SB_ExitMP3
SB_GetCurrentOutTime
SB_GetFrameInfo
SB_InitMP3
SB_decodeMP3

Sections

.text
Size: 34KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

UPX0 Size: - Virtual size: 484KB

UPX1 Size: 126KB - Virtual size: 132KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 512B

a05d20b0da117264ab959ac2b67e5148

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

ole32

comctl32

shell32

comdlg32

winmm

lame_enc

mp3dec2

Sections

CODE Size: 215KB - Virtual size: 1.1MB

.rsrc Size: 10KB - Virtual size: 12KB

19e5df12fe766adaf7cc39c6e32930df

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 360KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 484KB

UPX1
Size: 126KB - Virtual size: 132KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B

CODE
Size: 215KB - Virtual size: 1.1MB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 34KB - Virtual size: 360KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB