f1f6343c526988eaa5a9d3dd6ada05350aae532135813bdfb52baa1d9a7396a9

General

Target

f1f6343c526988eaa5a9d3dd6ada05350aae532135813bdfb52baa1d9a7396a9
Size

352KB
MD5

18ed7df59cdb227da2553b2f298885e5
SHA1

77b69f8a58f351906d4cda8007af5ea7d1ceb909
SHA256

f1f6343c526988eaa5a9d3dd6ada05350aae532135813bdfb52baa1d9a7396a9
SHA512

b3b376ce47dfde67206764126c2425db2062bb449a5a9d8eefaa639275c5763507eb0f9319bb1b2595220a59fd9346fe1ebd3b6b05a6170f0edf98d82eccd6b0
SSDEEP

1536:PVvSHcWgnQs8VMNvY3vy3QpTha5MR8Vcxu3aNRk:tv0cIs8mNvY63Qhha5MZu3aNRk

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1f6343c526988eaa5a9d3dd6ada05350aae532135813bdfb52baa1d9a7396a9

Files

f1f6343c526988eaa5a9d3dd6ada05350aae532135813bdfb52baa1d9a7396a9
.exe windows:4 windows x86 arch:x86

1d788321f6e6b6fd0bba0547f85c4090

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetSystemTime
MultiByteToWideChar
GetLocaleInfoA
GetModuleHandleA
FindNextFileA
FindFirstFileA
FlushFileBuffers
SetEnvironmentVariableA
FindClose
Sleep
CompareStringW
CompareStringA
SetStdHandle
SetFilePointer
GetTimeZoneInformation
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
GetProcAddress
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
SetConsoleCtrlHandler
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CloseHandle

advapi32

GetUserNameW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

user32

MessageBoxA

Sections

UPX0
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1d788321f6e6b6fd0bba0547f85c4090

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

user32

Sections

UPX0 Size: 228KB - Virtual size: 228KB

UPX1 Size: 44KB - Virtual size: 44KB

.rsrc Size: 76KB - Virtual size: 76KB

UPX0
Size: 228KB - Virtual size: 228KB

UPX1
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 76KB - Virtual size: 76KB