HEUR-Trojan-Downloader[.]Win32[.]Upatre[.]gen-b299af75bc4d9f0e6e0a4679f065659d9d5fee28d9a9591d09aba7c030a337bb

General

Target

HEUR-Trojan-Downloader.Win32.Upatre.gen-b299af75bc4d9f0e6e0a4679f065659d9d5fee28d9a9591d09aba7c030a337bb
Size

148KB
MD5

8db1aef6d776af39a50e52aefa482d62
SHA1

e3d69d08f4f6ee510cb8a6e82a0d91c45e4fa9da
SHA256

b299af75bc4d9f0e6e0a4679f065659d9d5fee28d9a9591d09aba7c030a337bb
SHA512

010c48e89a8c17027d9c660c78a00934e2bc82466060c5b5cc7726ddee3633192108246eebc300059b678e3814a69d4cc8156adbdf4084b3c8d0016166eed381
SSDEEP

1536:DwCd+qitb0bt+FTCQ2X9EvHsdXru1x20n2eN6BRi:Dv4b0hJ9EE1ru1x2q2eYRi

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan-Downloader.Win32.Upatre.gen-b299af75bc4d9f0e6e0a4679f065659d9d5fee28d9a9591d09aba7c030a337bb

Files

HEUR-Trojan-Downloader.Win32.Upatre.gen-b299af75bc4d9f0e6e0a4679f065659d9d5fee28d9a9591d09aba7c030a337bb
.exe windows:5 windows x86 arch:x86

83b45e356be38dee9f40ac165206f07f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
LoadLibraryA
GetModuleHandleW
HeapFree
GetVersionExA
GetStartupInfoW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

UPX0
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

83b45e356be38dee9f40ac165206f07f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

UPX0 Size: 40KB - Virtual size: 40KB

UPX1 Size: 28KB - Virtual size: 28KB

.rsrc Size: 76KB - Virtual size: 76KB

UPX0
Size: 40KB - Virtual size: 40KB

UPX1
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 76KB - Virtual size: 76KB