a7b9f121d1a312424cc20e1e435b4f50N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a7b9f121d1a312424cc20e1e435b4f50N.exe
Size

124KB
MD5

a7b9f121d1a312424cc20e1e435b4f50
SHA1

991aba095815cf33bde8f2e0291fb8693e73a98c
SHA256

23c9dfa99ce302296df6e42d1b951388c1e43499e1344a27ca5352041f8b4428
SHA512

4c44ff97436af6f9b89ab50b62a47e5d5e7fed4e83573ba7fdefbde41d84097dd3f9caa339e2a1811414a13609239429398dd170899dad80075cd3477f40f3eb
SSDEEP

1536:O21WS7FgABjSi+V3SolRCPjqurPg3Nc79SrZNlV7yQ+htgVmsH7OHew3+Hf:3b7WOj5IRCP/sdc7+lCgksWR3+H

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7b9f121d1a312424cc20e1e435b4f50N.exe

Files

a7b9f121d1a312424cc20e1e435b4f50N.exe
.exe windows:4 windows x86 arch:x86

e228a43c8f1ef56026f1aeac91675ed4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetWindowsDirectoryA
Sleep
InitializeCriticalSection
CopyFileA
HeapDestroy
DeleteCriticalSection
GetVersionExA
HeapCreate
ReleaseMutex
LockResource
FindResourceA
CreateDirectoryA
MultiByteToWideChar
DeleteFileA
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
GetLocalTime
LoadResource
WriteFile
SetFilePointer
WideCharToMultiByte
SizeofResource
GetModuleFileNameA
lstrlenA
LoadLibraryA
FreeLibrary
HeapFree
GetProcessHeap
HeapReAlloc
HeapSize
GetTickCount
GetThreadLocale
GetStartupInfoA
ExitProcess
GetCommandLineA
DebugBreak
GlobalLock
GlobalUnlock
GetModuleHandleA
GetCurrentThreadId
lstrcpyA
lstrcpynA
CreateFileA
GetFileTime
FileTimeToSystemTime
lstrcmpA
CloseHandle
lstrcatA
GetSystemInfo
HeapAlloc
LeaveCriticalSection
lstrcmpiA
EnterCriticalSection
InterlockedDecrement
GetLastError
MulDiv
ReadFile
GlobalAlloc
GetFileSize
lstrlenW
SetEndOfFile
GetProcAddress

advapi32

RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

comctl32

gdi32

GetObjectA
DeleteObject
CreateCompatibleBitmap
SelectObject
BitBlt
CreateCompatibleDC
GetDeviceCaps
SetTextColor
DeleteDC
CreateSolidBrush
CreateFontIndirectA
GetStockObject
SetBkMode

ole32

CoTaskMemFree
CLSIDFromProgID
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoInitialize
CLSIDFromString
CoCreateInstance
CoUninitialize
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

shell32

SHGetPathFromIDListA
ShellExecuteA
SHAppBarMessage
Shell_NotifyIconA
SHGetSpecialFolderLocation
ExtractAssociatedIconA

urlmon

URLDownloadToCacheFileA

user32

GetDlgItem
CallWindowProcA
GetSysColor
SetFocus
IsChild
GetFocus
ReleaseDC
GetDC
EndPaint
BeginPaint
RedrawWindow
GetClassNameA
GetDesktopWindow
CreateAcceleratorTableA
ReleaseCapture
SetCapture
InvalidateRect
GetWindowTextA
GetWindowTextLengthA
EnableWindow
GetActiveWindow
DialogBoxParamA
EndDialog
GetDlgItemTextA
LoadStringA
DestroyIcon
TrackPopupMenuEx
SetForegroundWindow
GetSubMenu
LoadMenuA
EnumWindows
SetDlgItemTextA
CheckDlgButton
SetWindowRgn
CreateWindowExA
SetWindowTextA
InvalidateRgn
DefWindowProcA
LoadCursorA
RegisterClassExA
GetWindowLongA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
SetWindowPos
PostMessageA
CharLowerBuffA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetCursorPos
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
MessageBoxA
IsWindow
ShowWindow
GetClientRect
FillRect
KillTimer
LoadIconA
SendMessageA
SetTimer
CreateDialogParamA
DestroyWindow
PostQuitMessage
IsDialogMessageA
RegisterWindowMessageA
UpdateWindow
IsWindowEnabled
IsDlgButtonChecked
wsprintfA
CharNextA
GetClassInfoExA
CharUpperBuffA
MapWindowPoints
SetWindowLongA

wininet

DeleteUrlCacheEntry

Sections

UPX0
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e228a43c8f1ef56026f1aeac91675ed4

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

ole32

oleaut32

shell32

urlmon

user32

wininet

Sections

UPX0 Size: 116KB - Virtual size: 116KB

.rsrc Size: 2KB - Virtual size: 4KB

.avp Size: 4KB - Virtual size: 8KB

UPX0
Size: 116KB - Virtual size: 116KB

.rsrc
Size: 2KB - Virtual size: 4KB

.avp
Size: 4KB - Virtual size: 8KB