d578f12c7b1b2dea1e71bc03d8f9f8f0

Sharing

Copy URL Twitter E-mail

General

Target

d578f12c7b1b2dea1e71bc03d8f9f8f0
Size

220KB
MD5

d578f12c7b1b2dea1e71bc03d8f9f8f0
SHA1

bb171ce94f1bdce771e8c6f7096ab486ad8ef072
SHA256

76c6735c1ae046072e91d3dcbba5c3849f5c253091179b405334c59b3db3bb35
SHA512

9a9de61826548c0351f07f884b802e683a5368c991cabb930dbb8c1759ec73eefa03c5a94424716205476b976d44a93efa3cc981c33f053c7a16619e06a0ee15
SSDEEP

3072:INgMcbQiJAI1gIH4QS8ftFfE4nCyFAUfVEgWzscXzfzSrFjslyfjUn1lV:INkbFJLKj8ftF3nYUfVECOSX8lV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d578f12c7b1b2dea1e71bc03d8f9f8f0

Files

d578f12c7b1b2dea1e71bc03d8f9f8f0
.exe windows:4 windows x86 arch:x86

de3bceed4c9b15efd23ac8aebca7372d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCancelConnection2A

kernel32

GetFileAttributesA
UnmapViewOfFile
MapViewOfFile
SetFileAttributesA
SetLastError
DeleteFileA
GetShortPathNameA
CopyFileA
GetCurrentProcess
SetFilePointer
GetStringTypeW
GetStringTypeA
OpenEventA
OpenFileMappingA
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
WaitForSingleObject
GetVersion
lstrlenA
CreateFileA
lstrcmpiA
MultiByteToWideChar
GetComputerNameA
CreateProcessA
HeapReAlloc
GetStartupInfoA
lstrcatA
GetProcAddress
lstrcpyA
WideCharToMultiByte
GetModuleFileNameA
FreeLibrary
LoadLibraryA
CreateThread
GetVersionExA
LockResource
FindResourceA
LoadResource
LocalFree
GetLastError
FormatMessageA
CloseHandle
Sleep
GetExitCodeThread
HeapFree
GetProcessHeap
HeapAlloc
FlushFileBuffers
SetStdHandle
WriteFile
LCMapStringW
LCMapStringA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetModuleHandleA
ExitProcess

user32

GetWindowRect
GetSystemMetrics
SetWindowPos
DestroyWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
SystemParametersInfoA
GetDlgItem
DefWindowProcA
SetWindowTextA
SendMessageA
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
CreateDialogParamA
MessageBoxA
wsprintfA
LoadStringA

gdi32

DeleteObject
CreateFontIndirectA

advapi32

LookupAccountNameA
EqualSid
RegQueryValueExA
RegCloseKey
RegOpenKeyA
ChangeServiceConfigA
CreateServiceA
QueryServiceConfigA
StartServiceA
ControlService
EnumDependentServicesA
QueryServiceStatus
OpenServiceA
DeleteService
CloseServiceHandle
OpenSCManagerA

odbc32

ord36
ord9
ord35
ord11
ord31
ord24
ord75
ord41

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rol
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de3bceed4c9b15efd23ac8aebca7372d

Headers

File Characteristics

Imports

mpr

kernel32

user32

gdi32

advapi32

odbc32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 8KB - Virtual size: 4KB

.rol Size: - Virtual size: 1B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 8KB - Virtual size: 4KB

.rol
Size: - Virtual size: 1B

UPX0
Size: 144KB - Virtual size: 380KB