ca9f8a1f502191f086bd280387fa6b90

General

Target

ca9f8a1f502191f086bd280387fa6b90
Size

40KB
MD5

ca9f8a1f502191f086bd280387fa6b90
SHA1

e2643e1b9f547113932f924754a6deb759e84c3b
SHA256

15b69ff6a9152cdbc30483b4be99c8e6d56ebf5fcc23fb30b2c06b31b31daaf6
SHA512

f7172cc88aecdcca03fbc0b710bb6000a4ee853e60996f6ab8d1d1d54bc6a0e4f310d6bb5b76dbbc6dbabb4bb4032b1a718a3ae91cf4238e6caa5d91f0bef09c
SSDEEP

768:csz+dkO4w7FTZg9v+s5qRbjj/4M5N7wR:gb4CFTZgR+sYRbjjA+eR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca9f8a1f502191f086bd280387fa6b90

Files

ca9f8a1f502191f086bd280387fa6b90
.dll windows:4 windows x86 arch:x86

2b0acbb2e7636583c1cc0e94aca51536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsGetValue
GetStdHandle
CloseHandle
GetLastError
GetCurrentProcess
OpenProcess
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
WriteProfileStringA
GetExitCodeThread
WaitForSingleObject
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
CreateThread
CreateEventA
SetEvent
GetVersionExA
ResetEvent
VirtualFree
HeapFree
GetCommandLineA
GetVersion
GetCPInfo
GetACP
GetOEMCP
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
MultiByteToWideChar
SetHandleCount
LCMapStringA
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualAlloc
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapAlloc
HeapReAlloc

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

user32

wsprintfA
DestroyWindow
DefWindowProcA
CreateWindowExA
RegisterClassA

Exports

Exports

HookAllProcesses
HookAllProcesses2
InitHookAPI
NTHookProcess
NTHookProcess2
NTInjectDll
NTUnInjectDll
NTUnhookProcess
NTUnhookProcess2
UnhookAllProcesses

Sections

UPX0
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2b0acbb2e7636583c1cc0e94aca51536

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Exports

Exports

Sections

UPX0 Size: 36KB - Virtual size: 36KB

UPX2 Size: 1024B - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 36KB - Virtual size: 36KB

UPX2
Size: 1024B - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB