0df66ab58f9538db625467ca22d2d0195dd28ee6f1b093644e77f53a480e3a14

Sharing

Copy URL Twitter E-mail

General

Target

0df66ab58f9538db625467ca22d2d0195dd28ee6f1b093644e77f53a480e3a14
Size

2.8MB
MD5

c8d7cdb429071585cb663e3aa39c0ce7
SHA1

c723122a1da19b03f497649a2ee6d98e46f8b78e
SHA256

0df66ab58f9538db625467ca22d2d0195dd28ee6f1b093644e77f53a480e3a14
SHA512

fd1c0a627ec4ba53a2ee805d444502feaff351a12d92c136a3335c9fb385fe147ccd4ec2853cf623fade4709ef447e26b5cd4cf3cd3acbfb341eaa3821e93337
SSDEEP

49152:GcSyISQcrV3m95AA0Yq91n3OO6Tw7+NqrP+9YYPGYltM8Ej:GcS7SQcx2zAA0Vr355EqrP+uYP3q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0df66ab58f9538db625467ca22d2d0195dd28ee6f1b093644e77f53a480e3a14

Files

0df66ab58f9538db625467ca22d2d0195dd28ee6f1b093644e77f53a480e3a14
.dll windows:4 windows x86 arch:x86

9574053de954aa4f3ac3b6efdccc805f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80

ord1671

msvcr80

_amsg_exit

kernel32

AddVectoredExceptionHandler

user32

SetForegroundWindow

gdi32

SetTextColor

advapi32

LookupPrivilegeValueA

shlwapi

PathFileExistsA

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

gethostname

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

shell32

SHGetFolderPathW

Exports

Exports

AutoJIN
HotJIN
HotJUN

Sections

.text
Size: 240KB - Virtual size: 720KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPXdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPXdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9574053de954aa4f3ac3b6efdccc805f

Headers

File Characteristics

Imports

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shlwapi

msvcp80

ws2_32

msvcrt

iphlpapi

psapi

shell32

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 720KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 40KB - Virtual size: 148KB

.rsrc Size: 12KB - Virtual size: 32KB

.reloc Size: - Virtual size: 92KB

.UPXdata Size: 2.4MB - Virtual size: 2.4MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.UPXdata Size: 4KB - Virtual size: 4KB

.text
Size: 240KB - Virtual size: 720KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 40KB - Virtual size: 148KB

.rsrc
Size: 12KB - Virtual size: 32KB

.reloc
Size: - Virtual size: 92KB

.UPXdata
Size: 2.4MB - Virtual size: 2.4MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.UPXdata
Size: 4KB - Virtual size: 4KB