f03bf29ec6c8055453e8464babe5c1aada9ff0d2c5295f25a7a5e2edf04bb768

Sharing

Copy URL Twitter E-mail

General

Target

f03bf29ec6c8055453e8464babe5c1aada9ff0d2c5295f25a7a5e2edf04bb768
Size

774KB
MD5

05a24ed0faeea69f881312746d3ac26e
SHA1

c7d821d4d9fb94da388e5d0f9091bd6fae48d7f7
SHA256

f03bf29ec6c8055453e8464babe5c1aada9ff0d2c5295f25a7a5e2edf04bb768
SHA512

fafa496f94a479a6b2583903150c1ac932234d20e194b0d5b641aaf7cc2aed0f92470ef1083652f995e73040aa1db11505f552f62169d78c3a205ff9d7303935
SSDEEP

24576:ZnbFe0iu4ci+sjyjr6bGnhUQ2p/FxE3LsCBsCM:ZbLiu4cnsjsrl+vDa3YoDM

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f03bf29ec6c8055453e8464babe5c1aada9ff0d2c5295f25a7a5e2edf04bb768

Files

f03bf29ec6c8055453e8464babe5c1aada9ff0d2c5295f25a7a5e2edf04bb768
.exe windows:4 windows x86 arch:x86

0ea777e85d7285c5ceb107eb2ea2b569

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mi_exe_stub.pdb

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
GetStartupInfoW
SetFilePointer
ReadFile
LockResource
GetLastError
WriteFile
FindResourceW
GetVersionExW
FindResourceExW
LocalFree
CreateFileW
SetFilePointerEx
WideCharToMultiByte
FormatMessageW
RaiseException
GetTempPathW
GetModuleFileNameW
lstrlenA
lstrcmpiW
lstrlenW
DeleteFileW
RemoveDirectoryW
SizeofResource
MultiByteToWideChar
GetTempFileNameW
CopyFileW
CloseHandle
SetLastError
CreateDirectoryW
LoadResource
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
OutputDebugStringA

msvcrt

_lock
_unlock
??3@YAXPAX@Z
memcmp
wcslen
wcscmp
??_U@YAPAXI@Z
??_V@YAXPAX@Z
strtol
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_XcptFilter
_cexit
__getmainargs
free
memmove
memcpy
memset
_ismbblead
_vsnwprintf
_errno
__CxxFrameHandler
?terminate@@YAXXZ
_controlfp
__dllonexit
_onexit
realloc
_exit

shlwapi

PathAppendW
PathQuoteSpacesW

ole32

CoUninitialize
CoInitializeEx

shell32

SHGetFolderPathW
ord680

user32

wvsprintfW
MessageBoxW
CharNextA
CharLowerBuffW
UnregisterClassA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 718KB - Virtual size: 717KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

..
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0ea777e85d7285c5ceb107eb2ea2b569

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

shlwapi

ole32

shell32

user32

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 718KB - Virtual size: 717KB

.reloc Size: 2KB - Virtual size: 2KB

.. Size: 23KB - Virtual size: 24KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 718KB - Virtual size: 717KB

.reloc
Size: 2KB - Virtual size: 2KB

..
Size: 23KB - Virtual size: 24KB