e1d504956f05077847bb58bae04425ed

Sharing

Copy URL Twitter E-mail

General

Target

e1d504956f05077847bb58bae04425ed
Size

558KB
MD5

e1d504956f05077847bb58bae04425ed
SHA1

cb481a52aef17aaa4ab790816c49e520cb38e2df
SHA256

2c12ebb6a611a05c3d69414a5c7fed88cb659afbcda775e6a0ad055b4455e126
SHA512

edc046534b9b045102abbed8d2398f9008d1d12b2ef487c355569001a745390d4ce7ade314b649b62ea569e4fe353cdd51a1e06bfc332c2cb1a97d94e2852d94
SSDEEP

1536:7vfvOnAM860CesFNMakTDc5XQsLO8Jtz+PQ0Fm9a+8plyKinhscfoTW2iPnNLHer:7Ou9tTAWeOiqwa+Ql/GFjeTc6Li+Qm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1d504956f05077847bb58bae04425ed

Files

e1d504956f05077847bb58bae04425ed
.exe windows:4 windows x86 arch:x86

3cfc25d0a3e5c0386ab7030a6a51530b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
Get��AttributesA
Crs paThread
TlsSetValueA
LPCurrentThreadId
IsBadWriteHtr d
Virtualtck
Virtual�� d
HeapCrs pa d
HeapDBt �
LCMapS. W
LCMapS. A
WideCharToMultiByte
HeapSize
HeapRytck
RaiseE��K�af
GetCCID
Getite
GetCurrentProcess
RtlUnwind
Heaptck
Heap�� d
Tlstck
SetLast X-�
TlsGetValueA
UnhandledE��K�af 000teru
Free��tR�uN��S. seu
Free��tR�uN��S. sW
Get��tR�uN��S. s
Get��tR�uN��S. sW
Set��n>QCount
GetStdHandle
Get��Type
Flush��Buffers
SetUnhandledE��K�af 000teru
GetCPInfo
00ndFirstFileA
GetOEMCP
GetACP
IsBadCodeHtr d
lstrlenA
I $Gk
Getf. TypeA
Getf. TypeW
IsBadReadHtr d
Local��
GetLocalTime
GetfF%M,B#
C��n>Q
G��bal��
G��baltck
WriteFile
Crs paFileA
ECitThread
DebugBreak
OutputDebugS. A
GetLast X-�
ReadFile
SetFilePointer
SetEndOf0000
Get��AttributesExA
MoveFileA
�� aFileA
Remove#
Crs pa#
00ndNextFileA
SetStdHandle
I $Gk
Sleep
lstrcpynA
MultiByteToWideChar
CSpyFileA
lstrcpyA
GetProcA�uP
�ʿ�Librarye
lstrcatA
GetTickCount
GetVersionExA
G��balMem-�ySt�us
00ndClose
GetTimeForBatA0
LPDateForBatA0
Get��Size
Get
�� aCriticalSecti��
�s veCriticalSecti��
b/waUXEZbH
OpenProcess
GetLocale_lisA
Leep
ANGModule��NaN�e dGetVersion
GetVersion
ExitH
Crs paMutexA
EnterCriticalSecti��
Ic) $pgardCriticalSecti��
I $Gk

advapi32

GetUserNameAR
RegOpenKeyA
RegCreateKeyA
Reg�� aValueA
RegC��Key
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegQue�V��ExA

gdibooleamprooleaolebooleaoleautbooleashell32

DeleteDC
Crs pa#CA
CreateDIBSecti��
BitBlt
G
DeleteObject
G
CreateCSSSStibleDC
SelectObject

mprooleaolebooleaoleautbooleashell32

WNetOpenEnumA
WNetC��Enum
WNetEnumResourceA

olebooleaoleautbooleashell32

CSInitialize
CSCreateInstanE|

oleautbooleashell32

shell32

ShellExecuteA

~sn

keybd_X
GetDlgIM,B
SetTimer
GetParent
DBt �Window
DBfWindowProcA
SetFocuP
PostQuit
LoadIconA
RegisterClaDWA
CreateWindowExA
Create#
GetWindowRectp
AdjustWindowRect
S
Get
Is#
Translate
Dispatch
ExitWindowsEx
00ndWindowA
ShowWindow
Send
GetD��ktopWindow
GetK
GetForeg Window
GetWindowTextA
GetK
GetAsyncK
wsprintfA
IsCh

wininet.oleawinmm.oleawsock32oleap�

InternetOpenA
InternetC��n>Q
FtpPutFileA
InternetCCnnectA

winmm.oleawsock32oleap�

timeGetTime
mciSendS. A

wsock32oleap�

kisten
bind3
gethostbyaddr
inet_addr
get�Pkname
htCns
ac��K�
send
�Pket
�ucv
�lect
WSAGetLast X-�
WSAleanup
WSAite
�tsockopt
__WSAFDIsSet
cnn
close�Pket
gethostbyname
htCnl
ioctlsPket

Sections

UPX�
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrcu
Size: 1024B - Virtual size: 1734.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ava
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3cfc25d0a3e5c0386ab7030a6a51530b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

gdibooleamprooleaolebooleaoleautbooleashell32

mprooleaolebooleaoleautbooleashell32

olebooleaoleautbooleashell32

oleautbooleashell32

shell32

~sn

wininet.oleawinmm.oleawsock32oleap�

winmm.oleawsock32oleap�

wsock32oleap�

Sections

UPX� Size: 552KB - Virtual size: 552KB

.rsrcu Size: 1024B - Virtual size: 1734.8MB

.ava Size: 4KB - Virtual size: 4KB

gdibooleamprooleaolebooleaoleautbooleashell32

mprooleaolebooleaoleautbooleashell32

olebooleaoleautbooleashell32

oleautbooleashell32

wininet.oleawinmm.oleawsock32oleap�

winmm.oleawsock32oleap�

wsock32oleap�

UPX�
Size: 552KB - Virtual size: 552KB

.rsrcu
Size: 1024B - Virtual size: 1734.8MB

.ava
Size: 4KB - Virtual size: 4KB