d76ee74953b736002d2697890f949938

General

Target

d76ee74953b736002d2697890f949938
Size

155KB
MD5

d76ee74953b736002d2697890f949938
SHA1

e119bbe4a0f2c60db0318994fefdf5d3e40f1fb8
SHA256

49eb861636dfe28b4f6fbab084c1d49f1f2733100d83e6c6491c3f4fdd69b631
SHA512

d97550cd0c0a27fc1f5ff9650f5f5f49beaa3e875e54c3882f1bba5909ca9db16e20e0f6d352ecccd67bae0fd10f767327cf3de0467a103a686bb2cf0f218f76
SSDEEP

3072:XYML+krSYAc4rADm8n/oiYsoGvo9rIfZRDKuCQ4BNy2BNfD7Fmyvzpr2:XYMLlSY5tnQXmo9rIDDKuF4B02TbMyvA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d76ee74953b736002d2697890f949938

Files

d76ee74953b736002d2697890f949938
.exe windows:6 windows x86 arch:x86

2e115147cf7ac4de357febfbd202ee6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

TapiUnattend.pdb

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW

kernel32

GetLastError
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

__set_app_type
_except_handler4_common
?terminate@@YAXXZ
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
??2@YAPAXI@Z
??3@YAXPAX@Z
_controlfp

wdscore

WdsSetupLogMessageW
ConstructPartialMsgVW
CurrentIP

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e115147cf7ac4de357febfbd202ee6b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

wdscore

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 888B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 586B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 888B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 586B

UPX0
Size: 144KB - Virtual size: 380KB