9f9699c5083b402eae59e13b9bb872db8b951c152950726db87fca6ed334d610N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

9f9699c5083b402eae59e13b9bb872db8b951c152950726db87fca6ed334d610N.exe
Size

578KB
MD5

b52088e450ef03ff18b089f2638e54a0
SHA1

98c65f8876cd9c0065cf8ca2d0305d16d265e4ea
SHA256

9f9699c5083b402eae59e13b9bb872db8b951c152950726db87fca6ed334d610
SHA512

43312e853b0c6c721ec0bb7aa5ec4a6c3dbf1506a4e413209e4828bf30e23f3ba618dd27d94bcff52cc2aa33f933004e5b4ce6bd174961f6c95cfa5225aff53f
SSDEEP

6144:XV55pRPQdrFhbEhtVacLaN//2gWF6lxcBbmKm:XDDGdDbEh/a3tKj

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f9699c5083b402eae59e13b9bb872db8b951c152950726db87fca6ed334d610N.exe

Files

9f9699c5083b402eae59e13b9bb872db8b951c152950726db87fca6ed334d610N.exe
.exe windows:4 windows x86 arch:x86

5dc4d890d100a6a3aa07b5c431c18838

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetLocalTime
CreateThread
GlobalUnlock
GlobalLock
SetFileTime
GetFileTime
GlobalMemoryStatus
FindClose
FindNextFileA
FindFirstFileA
ReadFile
GetFileSize
GetCurrentProcess
TerminateProcess
OpenProcess
GetLastError
HeapFree
HeapAlloc
GetProcessHeap
ExitThread
WriteFile
GetStartupInfoA
CreatePipe
GlobalAlloc
GetComputerNameA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetFileAttributesA
DeleteFileA
GetCurrentDirectoryA
GetLogicalDriveStringsA
TerminateThread
GetVersionExA
ExitProcess
GetTickCount
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetTempPathA
OpenMutexA
Sleep
CreateProcessA
CloseHandle
CreateMutexA
CopyFileA
PeekNamedPipe
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetVersion
GetCommandLineA
RtlUnwind
GetSystemTime
GetTimeZoneInformation
RemoveDirectoryA

advapi32

ControlService
RegDeleteKeyA
QueryServiceStatus
EnumDependentServicesA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetUserNameA
OpenEventLogA
ClearEventLogA
CloseEventLog
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

user32

GetClipboardData
OpenClipboard
GetWindowTextA
GetForegroundWindow
GetAsyncKeyState
CloseClipboard
GetClassNameA
PostMessageA
EnumChildWindows
IsWindowVisible
EnumWindows
ExitWindowsEx
ShowWindow
MessageBoxA

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetCloseHandle

ws2_32

send
htons
inet_addr
gethostbyname
inet_ntoa
socket
connect
WSAStartup
closesocket
WSACleanup
getsockname
accept
select
listen
htonl
bind
gethostbyaddr
ntohl
WSASocketA
sendto
__WSAFDIsSet
setsockopt
WSAAsyncSelect
gethostname
WSAIoctl
recv
ntohs

Sections

UPX0
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5dc4d890d100a6a3aa07b5c431c18838

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

user32

wininet

ws2_32

Sections

UPX0 Size: 128KB - Virtual size: 128KB

UPX1 Size: 84KB - Virtual size: 84KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 128KB - Virtual size: 128KB

UPX1
Size: 84KB - Virtual size: 84KB

UPX2
Size: 72KB - Virtual size: 72KB