10fea9d61d3becfcfc3b5ac9ce2ff820N[.]exe

General

Target

10fea9d61d3becfcfc3b5ac9ce2ff820N.exe
Size

75KB
MD5

10fea9d61d3becfcfc3b5ac9ce2ff820
SHA1

fa7f286a0792a6ac747bbb898f3b3312d0274e75
SHA256

22cb050b933c302e61b9f0693350ed45ad21d46efb3ffd981424dd745b98f72f
SHA512

ea6a2b9ff06d7c02741ac248ccb716e3bbe582fcfb7d88ea646b982e31655aecb40a2da07e93d4e4fb3790ff8f4f36f9cf3c2bea2b766c20a1aea9aae61c47b1
SSDEEP

768:zngijDmbAqRjJS9KSVe4FH3Y7FTCS11vypqwhBvWIHbYyqAwtzJQ7rDGTRR:sijU+9N4FTCS11vrwrvm3A+i7cR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10fea9d61d3becfcfc3b5ac9ce2ff820N.exe

Files

10fea9d61d3becfcfc3b5ac9ce2ff820N.exe
.dll windows:4 windows x86 arch:x86

37ea8def748bc6db4f5cdb476bab5328

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
LocalFree
LoadLibraryA
GetProcAddress
WideCharToMultiByte
FreeLibrary
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
MultiByteToWideChar
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
CloseHandle
WriteFile
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

advapi32

LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
RegOpenKeyExA
RegEnumKeyW
LsaFreeMemory
RegCloseKey
RegQueryValueExA

user32

GetParent
GetWindowTextA
SendMessageA

Exports

Exports

DumpBox
DumpCF
DumpCache
DumpHashes
DumpHistory
DumpLsa

Sections

UPX0
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

37ea8def748bc6db4f5cdb476bab5328

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Exports

Exports

Sections

UPX0 Size: 72KB - Virtual size: 72KB

UPX2 Size: 512B - Virtual size: 4KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 72KB - Virtual size: 72KB

UPX2
Size: 512B - Virtual size: 4KB

.avp
Size: 2KB - Virtual size: 4KB