e40f825d92d77c2accc1cd3600ff53cb4dc280a55ac5af2673810a9f0f1c97b8

General

Target

e40f825d92d77c2accc1cd3600ff53cb4dc280a55ac5af2673810a9f0f1c97b8
Size

109KB
MD5

00f2c72b5f8a88f64ac84e76c14d41a6
SHA1

a17d0745b2bc36dff9c5a5767b2c16a3bc71d242
SHA256

e40f825d92d77c2accc1cd3600ff53cb4dc280a55ac5af2673810a9f0f1c97b8
SHA512

3418b00a136312914df36bdd2869642bd296edc3d1a54a1d91e3e4cd9b13117fb395ccd492c3a7686e47df2bc83fc7b622ae1f9a41bc865b3ab086ef9cc48861
SSDEEP

1536:H7PvnKhWQtC3Izj6TrlDa2z6Ewd0zvPTQw9LBZRQ8V3zhbP:bPvKztiIzj6xtDLBZRQ8Vj5P

Score

10^/10

Malware Config

Signatures

Detects executables packed with eXPressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_eXPressor

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e40f825d92d77c2accc1cd3600ff53cb4dc280a55ac5af2673810a9f0f1c97b8

Files

e40f825d92d77c2accc1cd3600ff53cb4dc280a55ac5af2673810a9f0f1c97b8
.exe windows:4 windows x86 arch:x86

b7b36544c7913d18eb11f60f9865553a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
CloseHandle
WaitForSingleObject
lstrcpyA
InterlockedExchange
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
SetThreadPriority
GetLastError
SetUnhandledExceptionFilter
CreateThread
GetModuleHandleA
GetStartupInfoA

user32

wsprintfA
MessageBoxA

shell32

ShellExecuteA

msvcrt

_exit
_controlfp
??3@YAXPAX@Z
memmove
ceil
_ftol
strstr
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException
sprintf
exit
strtok
_beginthreadex
fclose
fputs
fopen
rand
srand
fputc
_except_handler3
ftell
fseek
atoi
strchr
strncpy
strcspn
??1type_info@@UAE@XZ
__dllonexit
_onexit
fgetc
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

ws2_32

htons
gethostbyname
socket
ntohs
recv
closesocket
connect
send
inet_addr
WSACleanup
sendto
WSAStartup
htonl
gethostname
inet_ntoa
setsockopt
select

Sections

.data
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7b36544c7913d18eb11f60f9865553a

Headers

File Characteristics

Imports

kernel32

user32

shell32

msvcrt

ws2_32

Sections

.data Size: 68KB - Virtual size: 68KB

.ex_cod Size: 8KB - Virtual size: 8KB

.ex_rsc Size: 12KB - Virtual size: 12KB

.data
Size: 68KB - Virtual size: 68KB

.ex_cod
Size: 8KB - Virtual size: 8KB

.ex_rsc
Size: 12KB - Virtual size: 12KB