351ed55714e6bdc5bde38ac56cf483389ea4fa96f3f21319649bbfe77f842f56

Sharing

Copy URL

Twitter E-mail

General

Target

351ed55714e6bdc5bde38ac56cf483389ea4fa96f3f21319649bbfe77f842f56
Size

2.8MB
MD5

9971128da48b378a243ae90ad603135e
SHA1

4153d861df3badb5cde10a55e0cbb22b775e3365
SHA256

351ed55714e6bdc5bde38ac56cf483389ea4fa96f3f21319649bbfe77f842f56
SHA512

319945cf2daa602029451511de0ce28539e75411ceab80e9f0c2b20c57500ccb09ea3b147ae3ebbe5cb89a2615ccf80d56df00dc10972427b8f07f37f1eba4ae
SSDEEP

49152:/VxWr+8YaWCmmXNhOcfxxRHjwFc9ZUtgj55tIqSFU6DZMfXMb92maL9k:/Vxc+8YRmA8xljjetgjlIqaZMfwFaa

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
351ed55714e6bdc5bde38ac56cf483389ea4fa96f3f21319649bbfe77f842f56

Files

351ed55714e6bdc5bde38ac56cf483389ea4fa96f3f21319649bbfe77f842f56
.dll windows:4 windows x86 arch:x86

76889564ec9990d33948b7a58671f9ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80

ord1671

msvcr80

_amsg_exit

kernel32

AddVectoredExceptionHandler

user32

EnumWindows

gdi32

SetTextColor

advapi32

LookupPrivilegeValueA

shlwapi

PathFileExistsA

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

gethostname

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

shell32

SHGetFolderPathW

Exports

Exports

AutoJIN
HotJIN
HotJUN

Sections

.text
Size: 244KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPXdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPXdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76889564ec9990d33948b7a58671f9ff

Headers

File Characteristics

Imports

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shlwapi

msvcp80

ws2_32

msvcrt

iphlpapi

psapi

shell32

Exports

Exports

Sections

.text Size: 244KB - Virtual size: 728KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 40KB - Virtual size: 148KB

.rsrc Size: 12KB - Virtual size: 32KB

.reloc Size: - Virtual size: 92KB

.UPXdata Size: 2.4MB - Virtual size: 2.4MB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.UPXdata Size: 4KB - Virtual size: 4KB

.text
Size: 244KB - Virtual size: 728KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 40KB - Virtual size: 148KB

.rsrc
Size: 12KB - Virtual size: 32KB

.reloc
Size: - Virtual size: 92KB

.UPXdata
Size: 2.4MB - Virtual size: 2.4MB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.UPXdata
Size: 4KB - Virtual size: 4KB