175b237d067ae6a7fb501aa72c15fbd4bc833d6c3522aaedea59961ce0e46b80

Sharing

Copy URL Twitter E-mail

General

Target

175b237d067ae6a7fb501aa72c15fbd4bc833d6c3522aaedea59961ce0e46b80
Size

2.8MB
MD5

6541a99c69b98a753af8598eab60b8dc
SHA1

0326fe53010337b7bf42c1213ea4b17c333f3dc8
SHA256

175b237d067ae6a7fb501aa72c15fbd4bc833d6c3522aaedea59961ce0e46b80
SHA512

469a4613c867807ea4bade1fd066c8fb15f2641df7f69a0d27c46c47de05c2da08ff38436da23a8fea9a141e25ed5348b8b098a7e58edf4c4eb8ee49721c9996
SSDEEP

49152:PAZ/hzeemuh3S8Rd+REYPkKivOiRLKmO2lnz0Ztxoy0F/pbRybmlBqG1YsMpQN:cleemuND/UnWTm2t2105dRyql/Ys4QN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
175b237d067ae6a7fb501aa72c15fbd4bc833d6c3522aaedea59961ce0e46b80

Files

175b237d067ae6a7fb501aa72c15fbd4bc833d6c3522aaedea59961ce0e46b80
.exe windows:5 windows x86 arch:x86

d3547babf556b68f5ebec7b667e002ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegOpenKeyA

user32

AdjustWindowRect

kernel32

GetVersionExA
GetVersion
GetVersionExA
GetCPInfo
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

GetEnhMetaFilePaletteEntries

version

VerQueryValueA

mpr

WNetGetConnectionA

ole32

ProgIDFromCLSID

comctl32

ImageList_Read

imm32

ImmIsIME

wininet

InternetCloseHandle

shell32

ShellExecuteA

comdlg32

GetOpenFileNameA

d3d9

Direct3DCreate9

msvcrt

fclose

d3dx9_43

D3DXCreateTexture

winmm

timeBeginPeriod

ws2_32

recv

ntdll

RtlNtStatusToDosError

Sections

.text
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 579KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3547babf556b68f5ebec7b667e002ac

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

ole32

comctl32

imm32

wininet

shell32

comdlg32

d3d9

msvcrt

d3dx9_43

winmm

ws2_32

ntdll

Sections

.text Size: - Virtual size: 2.3MB

.itext Size: - Virtual size: 7KB

.data Size: - Virtual size: 118KB

.bss Size: - Virtual size: 579KB

.idata Size: - Virtual size: 15KB

.tls Size: - Virtual size: 56B

.rdata Size: - Virtual size: 24B

UPX0 Size: - Virtual size: 1.8MB

UPX1 Size: 2.8MB - Virtual size: 2.8MB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 2.3MB

.itext
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 118KB

.bss
Size: - Virtual size: 579KB

.idata
Size: - Virtual size: 15KB

.tls
Size: - Virtual size: 56B

.rdata
Size: - Virtual size: 24B

UPX0
Size: - Virtual size: 1.8MB

UPX1
Size: 2.8MB - Virtual size: 2.8MB

.rsrc
Size: 2KB - Virtual size: 1KB