cadda0b89d34e674f7a81df1405efc2604d103a8ae455708fa9f80c898107038N

General

Target

cadda0b89d34e674f7a81df1405efc2604d103a8ae455708fa9f80c898107038N
Size

428KB
MD5

9a25849c7f3f60682d4b9513c899fbb0
SHA1

a0f27c6a9fc68a80cf4e0dbe5be4ee082a052bf0
SHA256

cadda0b89d34e674f7a81df1405efc2604d103a8ae455708fa9f80c898107038
SHA512

149fab4c917b842c1d30abb0e98b93202900a241b02c32b4bb3fe7b01f4e99fd9eee742e64f86cf96e99d06f4f62bd34a2efbaba59df65b06a1ecf2092a374bf
SSDEEP

6144:XT2GvWCN3+V1e1do19ADBx5qRS7RpQwFALzd:XyGvXpI1N1gfCwRpQ/d

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cadda0b89d34e674f7a81df1405efc2604d103a8ae455708fa9f80c898107038N

Files

cadda0b89d34e674f7a81df1405efc2604d103a8ae455708fa9f80c898107038N
.exe windows:4 windows x86 arch:x86

dc3314c1fde0284b71e93cf0573ca241

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
CreateEventW
FreeEnvironmentStringsW
GetCurrentProcessId
GetEnvironmentVariableA
GetFileSize
GetLocalTime
GetOEMCP
GetVersionExA
GetVersionExW
GlobalFree
IsValidCodePage
LCMapStringW
LeaveCriticalSection
OpenProcess
UnmapViewOfFile
VirtualAlloc

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
ImageList_Create
ImageList_Draw
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_SetOverlayImage
InitializeFlatSB
PropertySheetA

gdi32

AbortDoc
AddFontResourceA
CreateDIBPatternBrushPt
CreatePalette
Ellipse
GetBkColor
GetCharWidthA
GetCurrentObject
GetCurrentPositionEx
GetDCOrgEx
GetEnhMetaFileBits
GetTextExtentPointA
InvertRgn
MaskBlt
OffsetWindowOrgEx
PlayMetaFileRecord
PolyBezierTo
PolylineTo
PtInRegion
SaveDC
SelectObject
SetMapMode
SetPolyFillMode
SetWindowOrgEx
TextOutW

shell32

DoEnvironmentSubstW
ExtractIconExW
SHAppBarMessage
SHFileOperationA
SHGetDesktopFolder
SHGetFileInfo
SHGetFolderPathA
SHGetFolderPathW
SHGetPathFromIDListA
SHGetSpecialFolderPathA
ShellExecuteW

user32

CharLowerA
DeleteMenu
EqualRect
GetActiveWindow
GetDC
GetSubMenu
GetWindowDC
GetWindowLongA
IsWindowVisible
PostQuitMessage
PtInRect
RemoveMenu
UnregisterClassA
WinHelpA

Sections

UPX0
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dc3314c1fde0284b71e93cf0573ca241

Headers

File Characteristics

Imports

kernel32

comctl32

gdi32

shell32

user32

Sections

UPX0 Size: 212KB - Virtual size: 212KB

UPX1 Size: 124KB - Virtual size: 124KB

.rsrc Size: 88KB - Virtual size: 88KB

UPX0
Size: 212KB - Virtual size: 212KB

UPX1
Size: 124KB - Virtual size: 124KB

.rsrc
Size: 88KB - Virtual size: 88KB