0adc28e918f75659bdc87837f3818e6d1c4c5b5579fcc38c2d46aea429e42e79N

General

Target

0adc28e918f75659bdc87837f3818e6d1c4c5b5579fcc38c2d46aea429e42e79N
Size

208KB
MD5

cec752599de4d09d20c3e5e78a9ed250
SHA1

512e895cb8c99dcdd8eb03befbf92b8046d63046
SHA256

0adc28e918f75659bdc87837f3818e6d1c4c5b5579fcc38c2d46aea429e42e79
SHA512

f061ada44a3cd5818cb58d2332c694e7a57241d026e912bd0c2ee25a4ad5f0acca0afca581d7979d053fe881d6c5ab7ee6b32af32f4cd8c0ec93871f63d8f178
SSDEEP

1536:Y0PEBid2CKTF8qyfZGT76EYAI7zo7vc+LAp7QqEr:pPEY25T2pB07lYAkIv5Ep7E

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0adc28e918f75659bdc87837f3818e6d1c4c5b5579fcc38c2d46aea429e42e79N

Files

0adc28e918f75659bdc87837f3818e6d1c4c5b5579fcc38c2d46aea429e42e79N
.exe windows:4 windows x86 arch:x86

43db0bff210875128fe8c052a2ac1bc9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetCurrentDirectoryA
IsBadReadPtr
HeapReAlloc
WaitForSingleObject
ExitProcess
GetModuleHandleA
GetProcessHeap
WriteProcessMemory
GetStartupInfoA
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapFree
LCMapStringA
CreateProcessA
OpenProcess
GetProcessTimes
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateThread
VirtualQueryEx
ReadProcessMemory

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

msvcrt

malloc
free
modf
memmove
_CIfmod
sprintf
_CIpow
strncmp
??2@YAPAXI@Z
strrchr
_ftol
atoi
??3@YAXPAX@Z
strncpy
_strnicmp

ole32

CLSIDFromProgID
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CLSIDFromString

oleaut32

RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
LoadTypeLi

shlwapi

PathFileExistsA

user32

GetWindowThreadProcessId
MessageBoxA
wsprintfA
GetClassNameA
GetWindowTextA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
EnumWindows

Sections

UPX0
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

43db0bff210875128fe8c052a2ac1bc9

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

ole32

oleaut32

shlwapi

user32

Sections

UPX0 Size: 104KB - Virtual size: 104KB

UPX1 Size: 16KB - Virtual size: 16KB

.rsrc Size: 84KB - Virtual size: 84KB

UPX0
Size: 104KB - Virtual size: 104KB

UPX1
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 84KB - Virtual size: 84KB