afb4a2583c107717cfbb9bb2d0a5d3d7afa4a410843f797bb571a126d5fb2e8fN

Sharing

Copy URL Twitter E-mail

General

Target

afb4a2583c107717cfbb9bb2d0a5d3d7afa4a410843f797bb571a126d5fb2e8fN
Size

236KB
MD5

4995d2f5993f03a603ca5b4eface23d0
SHA1

df9a37f01f8d86469d0519d944b35000092340fe
SHA256

afb4a2583c107717cfbb9bb2d0a5d3d7afa4a410843f797bb571a126d5fb2e8f
SHA512

c1e87cd6f086593a54d5ac3d112d92b71bab044523d625f15ca3edd1bbb5af67abc962bc17e99d50992200260332169404162cdf3fdb7f42bf4ef322915cbf01
SSDEEP

3072:FJ0Bs3o8A4M3riN6MhGkgS3PL6pb9t16n5OkhBOPC/w/FnncroP9:PwDeM7iNEkgiOb31k1ECeJ/F

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afb4a2583c107717cfbb9bb2d0a5d3d7afa4a410843f797bb571a126d5fb2e8fN

Files

afb4a2583c107717cfbb9bb2d0a5d3d7afa4a410843f797bb571a126d5fb2e8fN
.exe windows:4 windows x86 arch:x86

ebc6265200d8989371b723b2f52c43df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
ExpandEnvironmentStringsA
FormatMessageA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTickCount
GetVersionExA
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext

msvcrt

__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_isctype
_onexit
_pctype
_setmode
_stati64
_stricmp
_strnicmp
_sys_nerr
atexit
calloc
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gmtime
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
rand
realloc
setlocale
signal
sprintf
srand
sscanf
strchr
strcmp
strcpy
strerror
strncmp
strncpy
strrchr
strstr
strtol
strtoul
time
tolower
wcstombs
_read
_strdup
_unlink
_write

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
gethostbyname
getpeername
getsockname
getsockopt
htons
ioctlsocket
ntohs
recv
select
send
setsockopt
socket

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

UPX0
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ebc6265200d8989371b723b2f52c43df

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ws2_32

Exports

Exports

Sections

UPX0 Size: 76KB - Virtual size: 76KB

UPX1 Size: 84KB - Virtual size: 84KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 76KB - Virtual size: 76KB

UPX1
Size: 84KB - Virtual size: 84KB

UPX2
Size: 72KB - Virtual size: 72KB