9a97fc502ee4c9e6e3e14b715936e40abd425f9614cfcf3ad24d14cffc2a3aba[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

9a97fc502ee4c9e6e3e14b715936e40abd425f9614cfcf3ad24d14cffc2a3aba.exe
Size

368KB
MD5

fe83c3d8f04d50eb1b5d2fe6904f084c
SHA1

e1e11405c0f7f32d0bb49cdab00f67b963cbd6f5
SHA256

9a97fc502ee4c9e6e3e14b715936e40abd425f9614cfcf3ad24d14cffc2a3aba
SHA512

42178f09b634cb54c386de4dbb96073c832c918e370e3f5541b844f71ac0abe71d53d496c3e4af1148c848dab8dff00e8ab846519c6c52b80300e206e9dfbe11
SSDEEP

3072:xcQz6R5eAuOOX7SMpNjxN4yjNEWt0kamYyROzoTq0+RO7IwnYPPPLtap1u4fSEMm:GQz6R5TuJSMjFqW7NHkdNwBBpYeOjeTD

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a97fc502ee4c9e6e3e14b715936e40abd425f9614cfcf3ad24d14cffc2a3aba.exe

Files

9a97fc502ee4c9e6e3e14b715936e40abd425f9614cfcf3ad24d14cffc2a3aba.exe
.exe windows:10 windows x86 arch:x86

0d38267788c1f87a9d78b8a304a557bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
ExitProcess
GetCurrentProcessId
QueryPerformanceCounter
LeaveCriticalSection
InterlockedIncrement
SetLastError
GetModuleHandleA
LoadLibraryA
LoadLibraryA
GetCurrentProcessId
GetModuleHandleA
VirtualFree
WriteFile
VirtualAlloc
UnhandledExceptionFilter
HeapFree
GetCurrentThreadId
InitializeCriticalSection
GetProcessHeap
GetCurrentThreadId
ReadFile
LoadLibraryA
GetModuleHandleW
HeapReAlloc
MultiByteToWideChar
CreateThread
GetProcessHeap
SetUnhandledExceptionFilter
GetStartupInfoA
CloseHandle
LocalFree
ExitProcess
HeapFree
GetCurrentProcessId
WaitForSingleObject
GetCommandLineW
SetEvent
GetModuleFileNameA
CreateFileW
CreateFileA
GetCommandLineA
CreateThread
LoadLibraryW
DeleteCriticalSection
VirtualAlloc
SetLastError
ReadFile
WaitForSingleObject
LeaveCriticalSection
GetCurrentProcess
GetCommandLineW
DeleteCriticalSection
GetCommandLineW
GetCommandLineW
SetUnhandledExceptionFilter
HeapDestroy
SetFilePointer
MultiByteToWideChar
GetACP
WaitForSingleObject
FormatMessageW
ExitProcess
LeaveCriticalSection
InterlockedDecrement
GetCommandLineW
SetLastError
VirtualFree
GetStartupInfoA
GetCurrentProcess
GetACP
GetProcessHeap
GetModuleHandleA
GetTickCount
TerminateProcess
lstrcpyW
HeapAlloc
Sleep
CreateThread

shell32

SHGetSpecialFolderPathW
DragAcceptFiles
DragQueryFileW
CommandLineToArgvW
ExtractIconExW
DragAcceptFiles
ExtractIconExW
SHChangeNotify
SHGetDesktopFolder
SHGetDesktopFolder
ExtractIconW
DragAcceptFiles
SHGetDesktopFolder
SHGetDesktopFolder
SHGetPathFromIDListW
DragQueryFileW
SHGetFileInfoW
DragAcceptFiles
SHGetMalloc
SHGetFolderPathW
SHGetMalloc
ShellExecuteExW
SHGetDesktopFolder
ShellAboutW
Shell_NotifyIconW
Shell_NotifyIconW
SHGetSpecialFolderLocation
Shell_NotifyIconW
Shell_NotifyIconW
DragAcceptFiles
CommandLineToArgvW
SHGetPathFromIDListW
CommandLineToArgvW
Shell_NotifyIconW
DragQueryFileW
CommandLineToArgvW
ExtractIconW
ExtractIconW
SHGetMalloc
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
DragQueryFileW
SHGetMalloc
ShellAboutW
SHGetFolderPathW
SHGetFolderPathW
SHGetMalloc
SHGetDesktopFolder
SHGetDesktopFolder
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ExtractIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHChangeNotify
DragFinish
SHGetDesktopFolder
ShellAboutW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
DragQueryFileW
SHGetFolderPathW
ShellAboutW
ShellExecuteExW
ExtractIconExW
SHChangeNotify
SHChangeNotify
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
Shell_NotifyIconW
SHChangeNotify
SHGetSpecialFolderLocation

user32

GetDesktopWindow
LoadMenuW
MessageBoxA
SendMessageA
SetCursor
GetDlgItem
MessageBoxW
wsprintfW
GetSystemMetrics
IsDialogMessageW
MessageBoxA
DrawTextW
WinHelpW
SetForegroundWindow
DispatchMessageA
SetForegroundWindow
CharNextW
FindWindowW
EndPaint
CallWindowProcW
RegisterClassExW
FillRect
MessageBeep
SetForegroundWindow
EndDialog
SetTimer
ReleaseCapture
CloseClipboard
GetCursorPos
GetClientRect
EndPaint
LoadStringA
SetFocus
TranslateMessage
SendDlgItemMessageW
GetWindowRect
UpdateWindow
SetCapture
wsprintfW
GetDlgItem
GetWindow
GetParent
DispatchMessageW
EndDialog
IsWindowVisible
DefWindowProcW
RegisterClassW
DestroyMenu
SetWindowLongW
GetDlgItem
PeekMessageW
MessageBoxA
IsDialogMessageW
wsprintfW
GetDesktopWindow
GetClientRect
FindWindowW
ShowWindow
IsWindowVisible
GetKeyState
IsWindowVisible
LoadStringA
EnableWindow
CreateDialogParamW
PostQuitMessage
LoadStringA
SendDlgItemMessageW
DestroyMenu
KillTimer
SendMessageA
DispatchMessageA
MapWindowPoints
GetSysColor
GetFocus
GetWindow
DrawTextW
GetCursorPos
MessageBeep
PostQuitMessage
LoadIconW

Sections

UPX0
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0d38267788c1f87a9d78b8a304a557bc

Headers

File Characteristics

Imports

kernel32

shell32

user32

Sections

UPX0 Size: 120KB - Virtual size: 120KB

UPX1 Size: 56KB - Virtual size: 56KB

.rsrc Size: 4KB - Virtual size: 4KB

.rmnet Size: 184KB - Virtual size: 184KB

UPX0
Size: 120KB - Virtual size: 120KB

UPX1
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 4KB - Virtual size: 4KB

.rmnet
Size: 184KB - Virtual size: 184KB