Behavioral task: behavioral1
Sample: deff80816277b5666e16e80c793c6e74.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: deff80816277b5666e16e80c793c6e74.exe
Resource: win10v2004-20240319-en
General
- Target: deff80816277b5666e16e80c793c6e74
- Size: 211KB
- MD5: deff80816277b5666e16e80c793c6e74
- SHA1: c792013dbb972effa454cde821ff35f9c657b565
- SHA256: 77521a2f36f69039aa32dc3f1703335d2109158326235fb0189d5ebc06ded129
- SHA512: cfd53bf6a1b6ddf63796635dd714a34fca91fe17172b27beb7bd3c46fd694cc5311bb37253ff7975501189b5203fb9bc649379db801e2ca3775ec85c1cb7a0b3
- SSDEEP: 3072:3JtUMKNaEhqcPDu491NIxcQORWijot+sdmJxcSond:5qMKNEWIy3EijotXcTBk
Malware Config
Signatures
- resource yara_rule sample upx
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource deff80816277b5666e16e80c793c6e74
Files
- deff80816277b5666e16e80c793c6e74.exe windows:4 windows x86 arch:x86
  5ade79994863519e81c0e472fab9b010
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateThread
WinExec
LoadLibraryA
GetCurrentProcessId
ExitThread
GetProcAddress
GetModuleFileNameA
Sleep
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetConsoleCtrlHandler
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
IsBadReadPtr
HeapValidate
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapAlloc
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
HeapReAlloc
HeapFree
GetLastError
VirtualFree
VirtualAlloc
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
UnhandledExceptionFilter
CloseHandle
advapi32
RegSetValueExA
RegOpenKeyExA
wsock32
WSAStartup
htonl
inet_ntoa
recvfrom
sendto
closesocket
recv
send
accept
listen
socket
ioctlsocket
connect
WSAGetLastError
htons
setsockopt
bind
select
__WSAFDIsSet
inet_addr
gethostbyname
Sections
UPX0 Size: 208KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE