b0cab085e40d11cc74a5826a3da8dbfb86292e0be56472dd63be2f559a0d662f

Sharing

Copy URL

Twitter E-mail

General

Target

b0cab085e40d11cc74a5826a3da8dbfb86292e0be56472dd63be2f559a0d662f
Size

272KB
MD5

3d65d0cd51d25655da28fb072639b4fc
SHA1

ec68fe2139f9963a48cc0255f046814dd76d3166
SHA256

b0cab085e40d11cc74a5826a3da8dbfb86292e0be56472dd63be2f559a0d662f
SHA512

3fbd798bdd9ebc72da5b255df1b4a8ab777d5f167b8521ce3f516409766273b922bcdd6cf65e506e0e12030997613bc6f2f100c00b13ffcad1bf4824cdc9c613
SSDEEP

1536:OpeN3F1ibpk0zYKrnfxrxOyvCUm/VJvKk/GEpTv+QOA+LgQxdnQDi9EazQ0bnpsS:OpqV3UproCdYVJvKIxThlYlOGbV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0cab085e40d11cc74a5826a3da8dbfb86292e0be56472dd63be2f559a0d662f

Files

b0cab085e40d11cc74a5826a3da8dbfb86292e0be56472dd63be2f559a0d662f
.exe windows:4 windows x86 arch:x86

9c438bba97c6d0fa398955b2ebe877cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xpprt1

?prepareOpStack
?ehIsError
?ehSetContext
?setjmp
?exeNativeError
?exeStackUnwind
?momSOn
?conNewNil
?symContextInit
__vft14ConLogicObject10AtomObject
__vft18ConUndefinedObject10AtomObject
?conNAllocL
?passParameter
?momSOff
ACREATE
SECONDS
EMPTY
?retStackValue
MSGBOX
_QUIT
UPPER
ALLTRIM
?domAssign
APPNAME
RIGHT
?domXEql
?domNot
?domAddEqu
?domValSubStr
FEXISTS
?domAdd
VALTYPE
?domValEql
DIRECTORY
?domGetElem
?domNEql
?orShortCut
?domSub
ABS
?domGCmp
?domOr
_COPYFILE
LEN
?domEql
SLEEP
?domValXEql
_BREAK
AADD
FCLOSE
FCREATE
CHR
FWRITE
?ehUnsetContext
?ehUnwind
?ehGetBreakContainer
?conRelease
?andShortCut
INKEY
?domAnd
?domLCmp
?retNil
?conNRelease
?conNReleaseL
?frameExit
FOPEN
?retStackItem
FSEEK
?domGECmp
?domValLECmp
SPACE
FREAD
AT
FREADSTR
SUBSTR
STRTRAN
MAX
APPDESKTOP
?conSendItem
?conAssignRefWMember
?conMemberToItem
?pushCodeBlock
THREAD
SETAPPWINDOW
__vft19ConNumericIntObject10AtomObject
SETAPPFOCUS
REPLICATE
STR
?domRefElem
__vft20ConStringConstObject10AtomObject
RAT
LEFT
CURDIR
DLLCALL
VAL
__vft14ConStringShort10AtomObject
_iniExitProcedureList
___iniStart
___iniGetDLLInitHook
__This_executable_needs_version_1_90_0
___xpprt1Version
?conNewString
DLLLOAD
DLLUNLOAD
?nomClassLock
?nomClassUnlock
?retObject
XBPBASEDIALOG
?conGetClass
?nomCreateClass
?nomDefineVar
?nomDefineMethod
?nomEndClassDefinition
?conNewExtObject
?nomCallInitClass
?conGetSelfClass
XBPBASECRT
XBPBASECOMBOBOX
XBPBASELISTBOX
XBPBASEPUSHBUTTON
XBPBASESPINBUTTON
XBPBASEMENUBAR
XBPBASEMENU
XBPBASESLE
XBPBASEMLE
XBPBASETREEVIEW
XBPBASETREEVIEWITEM
XBPBASE3STATE
XBPBASETABPAGE
XBPBASESCROLLBAR
XBPBASECHECKBOX
XBPBASERADIOBUTTON
XBPBASESTATIC
XBPBASEPRESSPACE
SETMOUSE
ACLONE
INT
BAND
?pushDynamicCodeBlock
ASCAN
SHELLLINKRESOLVE
AEVAL
FSIZE
PCOUNT
?domValNEql
GRAQUERYTEXTBOX
?conOpNewInt
L2BIN
?domMul
SET
CONVTOANSICP
APPEVENT
SETAPPEVENT
EVAL
BIN2L
__vft21ConNumericFloatObject10AtomObject
LOADRESOURCE
PROCNAME
THREADID
DOSERROR
ARRAY
ERRORBLOCK
ERROR
BREAK
WORKSPACELIST
?setSWArea
DBCOMMIT
?restWArea
DBCLOSEAREA
DBRROLLBACK
DBSESSION
ISFUNCTION
?executeMacro
LTRIM
DOSERRORMESSAGE
APPTYPE
ROW
COL
ALERT
SETPOS
ERRORLEVEL
ISMETHOD
?domInc
TRIM
PROCLINE
?floadTos
CONFIRMBOX
?domValGCmp
ROOTCRT
PADL
TONE
QOUT
OUTERR
DATE
TIME
VERSION
OS
VAR2CHAR
QQOUT
MLCOUNT
MEMOLINE
RTRIM

Sections

UPX0
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9c438bba97c6d0fa398955b2ebe877cb

Headers

File Characteristics

Imports

xpprt1

Sections

UPX0 Size: 168KB - Virtual size: 168KB

UPX1 Size: 28KB - Virtual size: 28KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 168KB - Virtual size: 168KB

UPX1
Size: 28KB - Virtual size: 28KB

UPX2
Size: 72KB - Virtual size: 72KB