c7b7b30e0ec8e89b902112f8efd27441

General

Target

c7b7b30e0ec8e89b902112f8efd27441
Size

23KB
MD5

c7b7b30e0ec8e89b902112f8efd27441
SHA1

8be9374bda4a42882b227d2b766baa512e9e843a
SHA256

75e537fffac8bfd4ebc003f3ab8c513780c502d62952899b7f429ae1bdec0fd3
SHA512

6bc30ffabffa5d77c94035ea285a03c0a92b60ed268dec30ab212a599d11e68f4ad7ea122acfb43ccd6f8144e68a1b4f225dcf59b94be9bb470f0af59460bb87
SSDEEP

384:qbRnT8/PEKVmJZqPyFXbK0ICpN1VWKtzbODsGRtTPxI2GcQ0:48/PoFXbbICpbltzbQs8Tq2G8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7b7b30e0ec8e89b902112f8efd27441

Files

c7b7b30e0ec8e89b902112f8efd27441
.exe windows:4 windows x86 arch:x86

28ef958b9f1fcd295b07c14ccc81d9ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
GetModuleFileNameA
lstrcmpiA
CopyFileA
WinExec
CreateToolhelp32Snapshot
Process32First
TerminateProcess
Process32Next
TerminateThread
DeleteFileA
ExitProcess
GetFileSize
ReadFile
InterlockedIncrement
CreateProcessA
CreateMutexA
lstrcmpA
GetLocaleInfoA
lstrcpyA
GetLastError
SystemTimeToFileTime
GetSystemTime
CloseHandle
WriteFile
CreateFileA
lstrcpynA
SetCurrentDirectoryA
GetSystemDirectoryA
ExitThread
SetEvent
WaitForSingleObject
CreateThread
CreateEventA
lstrlenA
Sleep
GetCurrentProcess
GetProcAddress
GetModuleHandleA
WriteProcessMemory
OpenProcess
GetTickCount
lstrcatA

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
AbortSystemShutdownA
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptImportKey

msvcrt

strcpy
strcat
atoi
srand
_EH_prolog
__CxxFrameHandler
strstr
strchr
strlen
memset
memcpy
rand

user32

FindWindowA
GetForegroundWindow
GetWindowThreadProcessId
wsprintfA

wininet

InternetGetConnectedState
InternetOpenA
InternetReadFile
InternetOpenUrlA

ws2_32

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

28ef958b9f1fcd295b07c14ccc81d9ca

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

user32

wininet

ws2_32

Sections

UPX0 Size: 20KB - Virtual size: 20KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 20KB - Virtual size: 20KB

.avp
Size: 2KB - Virtual size: 4KB