be4e47883890c0703218eb1c4a634370

Sharing

Copy URL Twitter E-mail

General

Target

be4e47883890c0703218eb1c4a634370
Size

127KB
MD5

be4e47883890c0703218eb1c4a634370
SHA1

2e0d82508d348b6178c3e0e7be91a1de60b2c95b
SHA256

8b8048e08179f120d36faab4ab2488ab4a9e85143bc81065a85dbc0a46f15bc7
SHA512

9ea16a60b3c6a6e87d920d334e29ece413240e57171ae7e332bb903ee3f72f6237be8fcfd18c6aaf880acd0329d8f43d269921520c3ce911066403cdee0b322f
SSDEEP

3072:txnbTbEPkOmG2m/00VCQcXm7Zc+Cv0lWk:t98MOGm808bXUqMN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be4e47883890c0703218eb1c4a634370

Files

be4e47883890c0703218eb1c4a634370
.exe windows:4 windows x86 arch:x86

94c0216ad34e945119775dc29936558c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_lopen
_lclose
_llseek
GetFileSize
_lwrite
SetStdHandle
_lread
SetFileAttributesA
TerminateThread
GetExitCodeThread
GetLocalTime
LCMapStringA
LCMapStringW
FlushFileBuffers
CloseHandle
DeleteFileA
HeapReAlloc
GetCurrentDirectoryA
GetSystemTime
GetStringTypeA
VirtualAlloc
MultiByteToWideChar
GetACP
GetStringTypeW
GetCPInfo
SetCurrentDirectoryA
GetOEMCP
CreateThread
_lcreat
SetEndOfFile
RtlUnwind
VirtualFree
GetLastError
HeapCreate
HeapDestroy
HeapFree
SetHandleCount
GetEnvironmentStringsW
GetFileType
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
UnhandledExceptionFilter
HeapValidate
SetFilePointer
HeapAlloc
FreeEnvironmentStringsA
IsBadReadPtr
IsBadWritePtr
GetModuleFileNameA
InterlockedIncrement
LoadLibraryA
GetProcAddress
OutputDebugStringA
InterlockedDecrement
WriteFile
GetStdHandle
DebugBreak
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetCurrentProcess
TerminateProcess
ExitProcess

advapi32

RegOpenKeyExA
RegCloseKey
RegSetValueExA

comctl32

gdi32

DeleteObject
SelectObject
MoveToEx
LineTo
SaveDC
GetTextExtentPoint32A
CreatePen
SetTextColor
CreateFontIndirectA
SetBkMode
SetBkColor
GetStockObject
CreateSolidBrush
RestoreDC

shell32

Shell_NotifyIconA

user32

GetDesktopWindow
GetWindowTextA
SendMessageA
SendDlgItemMessageA
SetDlgItemTextA
GetWindowRect
SetWindowPos
UpdateWindow
GetDlgItem
GetDlgItemTextA
GetWindowTextLengthA
DispatchMessageA
TranslateMessage
GetMessageA
SetDlgItemInt
ShowWindow
CreateDialogParamA
FrameRect
DrawIcon
GetDC
CreateWindowExA
FillRect
ReleaseDC
CopyRect
WindowFromDC
SetTimer
GetDlgItemInt
GetSystemMetrics
EndDialog
SetWindowTextA
SetFocus
DestroyWindow
DialogBoxParamA
SetForegroundWindow
KillTimer
BeginPaint
EndPaint
LoadCursorA
DefWindowProcA
LoadIconA
MessageBoxA
RegisterClassA
GetClientRect
IsCharAlphaNumericA
IsCharAlphaA
DrawTextA

wsock32

inet_addr
recv
WSAStartup
send
shutdown
closesocket
gethostbyaddr
gethostbyname
htons
socket
connect
WSAAsyncSelect

Sections

UPX0
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

94c0216ad34e945119775dc29936558c

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

shell32

user32

wsock32

Sections

UPX0 Size: 120KB - Virtual size: 120KB

.rsrc Size: 3KB - Virtual size: 4KB

.avp Size: 3KB - Virtual size: 4KB

UPX0
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 3KB - Virtual size: 4KB

.avp
Size: 3KB - Virtual size: 4KB