de2ac42780f0db3bf7b143115439dffd

Sharing

Copy URL

Twitter E-mail

General

Target

de2ac42780f0db3bf7b143115439dffd
Size

6.5MB
MD5

de2ac42780f0db3bf7b143115439dffd
SHA1

882e9e45c5f244e3c866aaf962b4942b2e8b5c86
SHA256

a9ec902ff95019c3c6b034f392e1ec458c13e07ba7454ce0259bd421c3774281
SHA512

c2c55123c2794da62af3c1ae714ddb7e451e7620de7a0ea726e894b7e9cbb257fa833652081c301faf9d646426245343b90332a0080055495a8090c95bc7c610
SSDEEP

196608:yO7M2c+97QqfbNNX2qisKHRRnSyBz3d5nAK8V:yTiffbNNm2KHRtZ3d5Ze

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de2ac42780f0db3bf7b143115439dffd

Files

de2ac42780f0db3bf7b143115439dffd
.exe windows:4 windows x86 arch:x86

e2473be364b259f755b8017e6b525e19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32 kernel32

LoadLibraryA H�X

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess

advapi32

LsaClose

avicap32

capGetDriverDescriptionA

comctl32

ImageList_Add

gdi32

SaveDC

gdiplus

GdipFree

msacm32

acmStreamSize

netapi32

Netbios

ntdll

NtUnmapViewOfSection
NtQuerySystemInformation

ole32

IsEqualGUID

oleaut32

VariantCopy

pstorec

PStoreCreateInstance

rasapi32

RasEnumEntriesA

shell32

ShellExecuteA

shfolder

SHGetFolderPathA

url

InetIsOffline

urlmon

URLDownloadToFileA

user32

GetDC

version

VerQueryValueA

wininet

FtpPutFileA

winmm

waveInOpen

ws2_32

WSAIoctl

wsock32

send

iphlpapi

GetAdaptersInfo

Sections

UPX0
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 928KB - Virtual size: 928KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2473be364b259f755b8017e6b525e19

Headers

File Characteristics

Imports

kernel32 kernel32

kernel32

advapi32

avicap32

comctl32

gdi32

gdiplus

msacm32

netapi32

ntdll

ole32

oleaut32

pstorec

rasapi32

shell32

shfolder

url

urlmon

user32

version

wininet

winmm

ws2_32

wsock32

iphlpapi

Sections

UPX0 Size: 5.5MB - Virtual size: 5.5MB

SE Size: 14KB - Virtual size: 20KB

SE Size: 928KB - Virtual size: 928KB

SE Size: 19KB - Virtual size: 20KB

SE Size: 4KB - Virtual size: 4KB

UPX0
Size: 5.5MB - Virtual size: 5.5MB

SE
Size: 14KB - Virtual size: 20KB

SE
Size: 928KB - Virtual size: 928KB

SE
Size: 19KB - Virtual size: 20KB

SE
Size: 4KB - Virtual size: 4KB