b43f64b6a520f060dbc8b1d34803f0f8

Sharing

Copy URL Twitter E-mail

General

Target

b43f64b6a520f060dbc8b1d34803f0f8
Size

10.5MB
MD5

b43f64b6a520f060dbc8b1d34803f0f8
SHA1

1bdeaea690f950f78b8150742c2d6cf87d39c392
SHA256

98b83eb4f96a4bea34bd585b564d9b8b105764ea4764a507794228370c2e0d7c
SHA512

3ef0c63b1ba25562b7437d8f8f48550dcbf42d6eb28ef6d5ddaa9857fcd8961f1039925947dae76ed4cd8ca7e268e4385c014a704105e0a74850d1e365be2a4f
SSDEEP

196608:qVhvCL63/dagoBJDMFbsd9NufhU6DJ5syvmT4X+KRsd:mZU+1aTJDFdmJr50wB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b43f64b6a520f060dbc8b1d34803f0f8

Files

b43f64b6a520f060dbc8b1d34803f0f8
.dll windows:5 windows x86 arch:x86

4dcef45e5b3706cff7f9a52baa0dc395

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetVersion
GetLastError
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowThreadProcessId
CharUpperBuffW

advapi32

GetCurrentHwProfileA
QueryServiceConfigW
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

ole32

CoInitializeEx

oleaut32

VariantInit

msvcp90

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z

msvcr90

_CIsqrt

winhttp

WinHttpReadData

psapi

GetMappedFileNameW

d3dx9_39

D3DXCreateFontA

imm32

ImmGetContext

wtsapi32

WTSSendMessageW

Exports

Exports

axaa2x

Sections

.text
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 8.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4dcef45e5b3706cff7f9a52baa0dc395

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp90

msvcr90

winhttp

psapi

d3dx9_39

imm32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 2.9MB

.rdata Size: - Virtual size: 231KB

.data Size: - Virtual size: 336KB

.UPX0 Size: - Virtual size: 8.3MB

.UPX1 Size: 10.5MB - Virtual size: 10.5MB

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 697B

.text
Size: - Virtual size: 2.9MB

.rdata
Size: - Virtual size: 231KB

.data
Size: - Virtual size: 336KB

.UPX0
Size: - Virtual size: 8.3MB

.UPX1
Size: 10.5MB - Virtual size: 10.5MB

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 697B