Behavioral task
behavioral1
Sample
ccfe30e56e112b44e5b4c2fb3b460ead.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ccfe30e56e112b44e5b4c2fb3b460ead.exe
Resource
win10v2004-20240226-en
General
-
Target
ccfe30e56e112b44e5b4c2fb3b460ead
-
Size
486KB
-
MD5
ccfe30e56e112b44e5b4c2fb3b460ead
-
SHA1
f8ff6290a2858eab0a1955a4dd5500793e7a9f05
-
SHA256
bfb32ca9593f867d18afd80f0d241c63749a512f4612adad522470d85a10d854
-
SHA512
a010b956f14315168a9633f078dc0909846653807528b9c436c726a599ef2d6be5f2acafe0e47dfdb00988fe9887e6a724ee39d761782b240602ab8ba99f8aa5
-
SSDEEP
3072:7FmgJ/vfIk2cNmG/VtpaRSfqhn+25Uf6gyJ:RmgJXfIk2cNVqRSfMn+Tf6n
Malware Config
Signatures
-
resource: sample
yara_rule: upx
-
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: ccfe30e56e112b44e5b4c2fb3b460ead
Files
-
ccfe30e56e112b44e5b4c2fb3b460ead.exe windows:1 windows x86 arch:x86
a061136429a19e37cb7df0c9d20fcffa
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
EnterCriticalSection
GetCommandLineA
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
CloseHandle
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
CopyFileA
OpenMutexA
OpenProcess
ReleaseMutex
RtlUnwind
SetCurrentDirectoryA
WinExec
CreateMutexA
lstrcatA
lstrlenA
CreateProcessA
CreateThread
advapi32
LookupPrivilegeValueA
CloseServiceHandle
DeleteService
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
AdjustTokenPrivileges
RegDeleteValueA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
crtdll
_iob
_itoa
__GetMainArgs
_sleep
_strdup
_stricmp
_strnicmp
toupper
_unlink
atoi
calloc
exit
fclose
feof
ferror
fgetc
fgets
fopen
fputc
free
fwrite
getenv
gmtime
localeconv
localtime
malloc
memcpy
memmove
memset
pow
raise
rand
signal
srand
strcat
strchr
strcmp
strncmp
strncpy
strstr
strtok
strtol
time
ungetc
wcslen
wctomb
wininet
InternetGetConnectedState
ws2_32
ioctlsocket
inet_addr
htons
socket
gethostbyname
connect
closesocket
__WSAFDIsSet
WSAStartup
WSASetLastError
send
select
WSAGetLastError
recv
Sections
UPX0 Size: 480KB - Virtual size: 480KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE