bd8b427ceffcca25257b500f1a0ff43f

Sharing

Copy URL

Twitter E-mail

General

Target

bd8b427ceffcca25257b500f1a0ff43f
Size

268KB
MD5

bd8b427ceffcca25257b500f1a0ff43f
SHA1

0dc839e2f7ead3c63d1e12a52ce43dbb32ec917e
SHA256

77f472ce4d674cfd900f27c2e9601284bc139dd47fcbaad1159bdb40c3045b47
SHA512

17ebff26559731f955334fea838cef53d3b78526134e24f44bb98b3f9762518b76fe4624b0583933a820d9dd137a4b93731353ab87cb917d2b80f498c952eccd
SSDEEP

3072:ezqPxhXQrsDpFC3oMiSls7293zadCSfuk4Jgboed6hZp1uOZIur3n:eyErYfC4MiSlsy93mdCSroeK1ugbn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd8b427ceffcca25257b500f1a0ff43f

Files

bd8b427ceffcca25257b500f1a0ff43f
.exe windows:4 windows x86 arch:x86

e86543c1a6c235b13ef9e7a9a9135792

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
FindClose
FindFirstFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetVersionExA
Sleep
FormatMessageA
CreateProcessA
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
GetProcAddress
LoadLibraryA
lstrlenA
GetCurrentProcessId
MultiByteToWideChar
LockResource
CreateDirectoryA
GetWindowsDirectoryA
RemoveDirectoryA
DeleteFileA
OpenFile
GetTempFileNameA
GetTempPathA
InterlockedDecrement
FreeLibrary
GetModuleHandleA
OpenProcess
CloseHandle
GetLastError
WideCharToMultiByte
GlobalFree
GlobalAlloc
WriteFile
ReadFile
CreateFileA
GetStartupInfoA
WaitForSingleObject
FindNextFileA

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA

comctl32

ImageList_SetBkColor
ImageList_AddMasked

mfc42

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_mbstok
strchr
strstr
_ftol
floor
strncpy
_CxxThrowException
_ismbcdigit
_mbsicmp
atol
memcpy
strcat
_timezone
strncmp
strrchr
fopen
fwrite
fclose
memset
strlen
tolower
strcmp
pow
strcpy
_setmbcp
_stricmp
_strdup
_tzset
__CxxFrameHandler
_EH_prolog
atoi
free
sscanf
_controlfp
sprintf
_mbscmp

ole32

CoCreateInstance
CoInitialize

oleaut32

user32

IsWindow
GetCursorPos
LoadCursorA
GetParent
LoadBitmapA
AdjustWindowRectEx
GetClientRect
RegisterWindowMessageA
PostMessageA
EnumWindows
KillTimer
wsprintfA
LoadIconA
SendMessageA
GetDesktopWindow
GetWindow
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
UpdateWindow
GetWindowThreadProcessId
GetWindowLongA
GetWindowTextA
EnumChildWindows
MessageBoxA
ShowWindow
GetSystemMetrics
SetWindowPos
SetTimer
EnableWindow
IsWindowEnabled
IsWindowVisible
GetClassNameA

wininet

InternetCheckConnectionA
InternetGetConnectedState

Sections

UPX0
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e86543c1a6c235b13ef9e7a9a9135792

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

mfc42

msvcrt

ole32

oleaut32

user32

wininet

Sections

UPX0 Size: 256KB - Virtual size: 256KB

.rsrc Size: 6KB - Virtual size: 8KB

.avp Size: 5KB - Virtual size: 8KB

UPX0
Size: 256KB - Virtual size: 256KB

.rsrc
Size: 6KB - Virtual size: 8KB

.avp
Size: 5KB - Virtual size: 8KB