bed1fbb614d8ce51cc168d65347e65cf

Sharing

Copy URL

Twitter E-mail

General

Target

bed1fbb614d8ce51cc168d65347e65cf
Size

85KB
MD5

bed1fbb614d8ce51cc168d65347e65cf
SHA1

2e7814e6318349a1a6520054c1aee3e9b796d852
SHA256

8e86581091595d422accf95e0310b7a7c830334c8bd975963569b570b36a7b73
SHA512

0d84997152ac7b61aa04b496d410954b5390a8e7d05e34be99b45de80b679dadcebb5d40ecffd5657e66d40aea9226643184a2bb359e4a9e86def5bb0a6dc658
SSDEEP

768:QI+qDEluMFoETJwVAGInBOdp8Wccuojf2uxPQLrEKNNgE2SmqOGlIG1pv3edrSid:B+qDElYETJwVtPVfFm1lIApvmLPons

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bed1fbb614d8ce51cc168d65347e65cf

Files

bed1fbb614d8ce51cc168d65347e65cf
.exe windows:1 windows x86 arch:x86

ca085282af46766d0077e95343d95f96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrlenA
lstrcmpiA
lstrcatA
WriteFile
TerminateProcess
ReadFile
OpenMutexA
MoveFileExA
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocalTime
GetEnvironmentVariableA
GetCommandLineA
FreeLibrary
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateMutexA
CreateFileA
CreateDirectoryA
CompareStringA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
GetModuleFileNameA
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
lstrcpyA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle

advapi32

RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoCreateInstance
CoInitialize

oleaut32

VariantClear
SysFreeString
SysAllocStringLen

shell32

DragFinish

user32

GetKeyboardType
MessageBoxA
CharNextA
FindWindowA

Sections

UPX0
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ca085282af46766d0077e95343d95f96

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shell32

user32

Sections

UPX0 Size: 76KB - Virtual size: 76KB

.rsrc Size: 3KB - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 3KB - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB