3e2b3036cb072cfa018b7a834d6d4f67c3733f18d2f838a4a1aee0df3d968705

General

Target

3e2b3036cb072cfa018b7a834d6d4f67c3733f18d2f838a4a1aee0df3d968705
Size

150KB
MD5

a7b3b986a006d9ce4edb5a33c127e427
SHA1

fc4da5e59a75116a713ec797f47e0f1d08ca1621
SHA256

3e2b3036cb072cfa018b7a834d6d4f67c3733f18d2f838a4a1aee0df3d968705
SHA512

952bf5ca6deed2fa7d4d1d49b3a519dafba68f2c38b1e39644c2f558b7538de56b867b4bfd3704fe38261a3b430ae407e57d02198a68b712cd93db097e1e2798
SSDEEP

1536:DwCd+qitb0bt+FTCQ2X9EvHsdXMu1x20n2eN6BRkGa:Dv4b0hJ9EE1Mu1x2q2eYRG

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e2b3036cb072cfa018b7a834d6d4f67c3733f18d2f838a4a1aee0df3d968705

Files

3e2b3036cb072cfa018b7a834d6d4f67c3733f18d2f838a4a1aee0df3d968705
.exe windows:5 windows x86 arch:x86

83b45e356be38dee9f40ac165206f07f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
LoadLibraryA
GetModuleHandleW
HeapFree
GetVersionExA
GetStartupInfoW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

UPX0
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

83b45e356be38dee9f40ac165206f07f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

UPX0 Size: 40KB - Virtual size: 40KB

UPX1 Size: 28KB - Virtual size: 28KB

.rsrc Size: 76KB - Virtual size: 76KB

UPX0
Size: 40KB - Virtual size: 40KB

UPX1
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 76KB - Virtual size: 76KB