3450fde708f05fab21b76f69b398b440N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3450fde708f05fab21b76f69b398b440N.exe
Size

180KB
MD5

3450fde708f05fab21b76f69b398b440
SHA1

c51b79f4c1b3a6756967be374a1fb5909cf4178d
SHA256

9c4e7e4debc02fe9c535d5aa4c373b23da7e90047dc69cf5eb24043c9e4f3a91
SHA512

39286e851117f909fecf2100ab238ee045a77114ce09ca9ffbaef5e89c36096ccee4d850298a1c56c2748af166ef072cf199bb21b279327fa496efc7a5de6b83
SSDEEP

1536:9tS2wdfvbFpSEBVuTTi0ViJDeK9On5eoOgTn:ytBvbOEBVG6De7OgTn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3450fde708f05fab21b76f69b398b440N.exe

Files

3450fde708f05fab21b76f69b398b440N.exe
.exe windows:4 windows x86 arch:x86

f19e767c5806406e789dbc5ab1a346ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
ExpandEnvironmentStringsA
lstrlenA
Sleep
MoveFileExA
GetModuleFileNameA
SetEvent
GetModuleHandleA
WaitForMultipleObjects
CreateThread
CreateEventA
TerminateThread
WaitForSingleObject
OpenProcess
lstrcmpiA
GetProcessHeap
GetLocaleInfoA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
SetFilePointer
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
HeapAlloc
VirtualProtect
HeapFree
HeapReAlloc
VirtualAlloc
VirtualQuery
InterlockedExchange
LoadLibraryA
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemInfo
UnhandledExceptionFilter
GetStdHandle
WriteFile
GetCurrentProcess
ExitProcess
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
GetProcAddress
TerminateProcess

advapi32

RegCloseKey
RegOpenKeyExA

psapi

EnumProcesses
GetModuleBaseNameA

user32

wsprintfA
DefWindowProcA
PostQuitMessage
UnregisterClassA
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
RegisterWindowMessageA
PostMessageA
EnumChildWindows
GetWindowThreadProcessId
EnumWindows
SendMessageA
GetWindowTextA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

ws2_32

gethostbyname
gethostname
closesocket
recvfrom
sendto
setsockopt
socket
WSAStartup
send
connect
inet_addr
htons

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f19e767c5806406e789dbc5ab1a346ea

Headers

File Characteristics

Imports

kernel32

advapi32

psapi

user32

wininet

ws2_32

Sections

UPX0 Size: 68KB - Virtual size: 68KB

UPX1 Size: 36KB - Virtual size: 36KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 68KB - Virtual size: 68KB

UPX1
Size: 36KB - Virtual size: 36KB

UPX2
Size: 72KB - Virtual size: 72KB