325148c6a9fcc2aee3cb0dc5d34d6e8136784ef4f90b07efcfd6a7ce5ade55d6

Sharing

Copy URL Twitter E-mail

General

Target

325148c6a9fcc2aee3cb0dc5d34d6e8136784ef4f90b07efcfd6a7ce5ade55d6
Size

236KB
MD5

397d978ef7ff8c3775b11779c7028ac4
SHA1

478d303573ab12b1bfc69b854a5c209f4974017c
SHA256

325148c6a9fcc2aee3cb0dc5d34d6e8136784ef4f90b07efcfd6a7ce5ade55d6
SHA512

20fc71dadbade99595da5787a868399f0bf11e8633b800055fc8df094fbaf8f84225da4f959ca68f98c785be4085b19a5c9d8b5e5100977771b5ea803697e696
SSDEEP

3072:xJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/E/FnncroP9:7wDeM7iNEkgiOb31k1ECyJ/F

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
325148c6a9fcc2aee3cb0dc5d34d6e8136784ef4f90b07efcfd6a7ce5ade55d6

Files

325148c6a9fcc2aee3cb0dc5d34d6e8136784ef4f90b07efcfd6a7ce5ade55d6
.exe windows:4 windows x86 arch:x86

ebc6265200d8989371b723b2f52c43df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
ExpandEnvironmentStringsA
FormatMessageA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTickCount
GetVersionExA
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext

msvcrt

__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_isctype
_onexit
_pctype
_setmode
_stati64
_stricmp
_strnicmp
_sys_nerr
atexit
calloc
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gmtime
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
rand
realloc
setlocale
signal
sprintf
srand
sscanf
strchr
strcmp
strcpy
strerror
strncmp
strncpy
strrchr
strstr
strtol
strtoul
time
tolower
wcstombs
_read
_strdup
_unlink
_write

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
gethostbyname
getpeername
getsockname
getsockopt
htons
ioctlsocket
ntohs
recv
select
send
setsockopt
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

UPX0
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ebc6265200d8989371b723b2f52c43df

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ws2_32

Exports

Exports

Sections

UPX0 Size: 76KB - Virtual size: 76KB

UPX1 Size: 84KB - Virtual size: 84KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 76KB - Virtual size: 76KB

UPX1
Size: 84KB - Virtual size: 84KB

UPX2
Size: 72KB - Virtual size: 72KB