48d30914742e2df0fa87e7ec4c986d69d972f2111425e661c38f611cd1e8b771

General

Target

48d30914742e2df0fa87e7ec4c986d69d972f2111425e661c38f611cd1e8b771
Size

176KB
MD5

9c9f1ea9193e900ac2766b0ce6218805
SHA1

0a5ee635f2b1d2d779d27f8f731d443e0b4118de
SHA256

48d30914742e2df0fa87e7ec4c986d69d972f2111425e661c38f611cd1e8b771
SHA512

d780bb9355a45548aadc428d36a389bab85268232a939e2a1c321b66151bfbb113cbc4c1fc4cd9c300b0cda7499527c4e89de1c36dba74f006a47465767fa640
SSDEEP

1536:Iibq0RPDuVNJBC/a/yf5UFK128It8RVoag:IidEVfBCSKeT8I6RVoag

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48d30914742e2df0fa87e7ec4c986d69d972f2111425e661c38f611cd1e8b771

Files

48d30914742e2df0fa87e7ec4c986d69d972f2111425e661c38f611cd1e8b771
.exe windows:4 windows x86 arch:x86

6aeea7d2060e9f7c72b68b0cf82468fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetOEMCP
GetACP
lstrcpyA
CloseHandle
TerminateProcess
OpenProcess
ReadFile
GetStringTypeA
Process32First
CreateToolhelp32Snapshot
GetTempPathA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
Sleep
GetCurrentProcessId
Process32Next
LCMapStringW
GetWindowsDirectoryA
LeaveCriticalSection
EnterCriticalSection
CopyFileA
lstrcatA
GetSystemDirectoryA
GetDriveTypeA
SetThreadPriority
CreateThread
GetModuleFileNameA
InitializeCriticalSection
GetCurrentProcess
CreateMutexA
OpenMutexA
GetSystemTime
DeleteFileA
CreateFileA
SetEndOfFile
LCMapStringA
FindClose
FindNextFileA
GetCPInfo
FindFirstFileA
SetFilePointer
FreeEnvironmentStringsW
WideCharToMultiByte
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
GetLastError
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetFileType
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA

user32

EnumWindows
GetWindowTextA
SetCursorPos
GetCursorPos
GetWindowThreadProcessId

ws2_32

htons
gethostbyname
socket
WSAStartup
connect
closesocket
recv
send

Sections

UPX0
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6aeea7d2060e9f7c72b68b0cf82468fa

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

user32

ws2_32

Sections

UPX0 Size: 76KB - Virtual size: 76KB

UPX1 Size: 24KB - Virtual size: 24KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 76KB - Virtual size: 76KB

UPX1
Size: 24KB - Virtual size: 24KB

UPX2
Size: 72KB - Virtual size: 72KB