e96494f8224ede28478c0baa33259eb1803aa70a573488a84029904f896d046b

General

Target

e96494f8224ede28478c0baa33259eb1803aa70a573488a84029904f896d046b
Size

57KB
MD5

89461250cdbc5e55892f4ef80f1e3983
SHA1

ce8cdde54b3cd690627cc5e6c30d94655c689bfa
SHA256

e96494f8224ede28478c0baa33259eb1803aa70a573488a84029904f896d046b
SHA512

8e4e233c0b730332cbf4e2342488f4be9c21602305ccafd486542467e88e278259b4eeb5622f3f60e235a3480e95b8673f1b7fe27cfc42ac9c3dcd02183e76a9
SSDEEP

1536:oia84BktxAGCuKy4aoRpCqk7+meZMxECxjV:aEzCuK66CqmrmCx

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e96494f8224ede28478c0baa33259eb1803aa70a573488a84029904f896d046b

Files

e96494f8224ede28478c0baa33259eb1803aa70a573488a84029904f896d046b
.dll windows:4 windows x86 arch:x86

e23b2990e58346a0a026310d32a82b0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceA
CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
GetLastError
CreateMutexA
lstrcmpiA
GetModuleFileNameA
WaitForSingleObject
GetTickCount
GetLogicalDrives
FindClose
FindNextFileA
SetFileAttributesA
CopyFileA
GetFileAttributesA
FindFirstFileA
lstrcpyA
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
FreeLibrary
SetEvent
CreateEventA
DisableThreadLibraryCalls
LoadLibraryA
lstrcatA
GetSystemDirectoryA

shell32

ord64

shlwapi

PathFindExtensionA
PathAppendA
PathFindFileNameA

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e23b2990e58346a0a026310d32a82b0a

Headers

File Characteristics

Imports

kernel32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 700B

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 1024B - Virtual size: 522B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 700B

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 1024B - Virtual size: 522B