3c0a39fff074faeba31099262cbe18dd8831d31eeadb995b510ce467e1ee1b39

Sharing

Copy URL Twitter E-mail

General

Target

3c0a39fff074faeba31099262cbe18dd8831d31eeadb995b510ce467e1ee1b39
Size

2.9MB
MD5

fd7fbb08f20b0c5f61decc2fc963ddf2
SHA1

146e43beb0d879deb2056ec6574571443cf59aeb
SHA256

3c0a39fff074faeba31099262cbe18dd8831d31eeadb995b510ce467e1ee1b39
SHA512

7d07b3889336cd69d6eba7fcafe9da85d1f5203938b2fee613131136e09ca5cc0871671eeef85f4caae5a4dfd3607d1afbf526bc0f5a989cc59c86f086c6735e
SSDEEP

49152:d+ZOTXSLMlBf8AWfuVumq7NmUn5MitSNJQb0Th8FOvUvzBELsh8D1nSWWh/Ih9:cZOzSLMlBk/fWC7AUn5SJQIyFO8EC8DT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c0a39fff074faeba31099262cbe18dd8831d31eeadb995b510ce467e1ee1b39

Files

3c0a39fff074faeba31099262cbe18dd8831d31eeadb995b510ce467e1ee1b39
.dll windows:4 windows x86 arch:x86

f06a06bb865238ebbb2786521ff74d26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80

ord1671

msvcr80

_amsg_exit

kernel32

AddVectoredExceptionHandler

user32

AttachThreadInput

gdi32

SetTextColor

advapi32

LookupPrivilegeValueA

shlwapi

PathFileExistsA

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

gethostname

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

shell32

SHGetFolderPathW

Exports

Exports

AutoJIN
HotJIN
HotJUN

Sections

.text
Size: 252KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPXdata
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPXdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f06a06bb865238ebbb2786521ff74d26

Headers

File Characteristics

Imports

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shlwapi

msvcp80

ws2_32

msvcrt

iphlpapi

psapi

shell32

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 752KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 40KB - Virtual size: 152KB

.rsrc Size: 12KB - Virtual size: 32KB

.reloc Size: - Virtual size: 96KB

.UPXdata Size: 2.5MB - Virtual size: 2.5MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.UPXdata Size: 4KB - Virtual size: 4KB

.text
Size: 252KB - Virtual size: 752KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 40KB - Virtual size: 152KB

.rsrc
Size: 12KB - Virtual size: 32KB

.reloc
Size: - Virtual size: 96KB

.UPXdata
Size: 2.5MB - Virtual size: 2.5MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.UPXdata
Size: 4KB - Virtual size: 4KB