6b57f33a7f3b43fe3f0515dfae3124b668ecb7b502efedadd9ecaba595976b9b

Sharing

Copy URL Twitter E-mail

General

Target

6b57f33a7f3b43fe3f0515dfae3124b668ecb7b502efedadd9ecaba595976b9b
Size

678KB
MD5

8478ab798ecc71d9bb07f99cbb62ad11
SHA1

152a0b061d263f545bd61c1b80188932ea252c02
SHA256

6b57f33a7f3b43fe3f0515dfae3124b668ecb7b502efedadd9ecaba595976b9b
SHA512

fe17e77e619d5c7cc2b0ca59eb1ecb03c1e2a4ce3cc7e36e5ebb577400463800b9d1e8eb266ca0265bfc1168650b961cb4805b7b2c95f0b0b14acb5d5d5e30c8
SSDEEP

12288:0eMyBxe8pyF8QrGY4qZkVMjaG8v3gt7o1JDSU:0oxe8pAbh2fVSU

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/wLoader.exe	upx

Files

6b57f33a7f3b43fe3f0515dfae3124b668ecb7b502efedadd9ecaba595976b9b
.zip
wDetector.dll
.dll windows x86

21233dcb014a5bd5876b4c1b5add9c8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

user32

FindWindowA
CallWindowProcA
SetWindowLongA
GetKeyState
PostMessageA

ws2_32

ntohs
getsockname
getpeername

kernel32

FlushFileBuffers
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapReAlloc
GetTickCount
InitializeCriticalSection
GetPrivateProfileIntA
Sleep
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileStringA
GetModuleFileNameA
DeleteCriticalSection
CloseHandle
CreateThread
CreateFileA
WriteFile
GetLocalTime
GetProcAddress
LoadLibraryA
VirtualQuery
SetUnhandledExceptionFilter
GetCurrentProcess
OpenProcess
Module32First
VirtualProtect
CreateToolhelp32Snapshot
Module32Next
GetCurrentProcessId
WriteProcessMemory
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
HeapFree
HeapAlloc
RaiseException
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
VirtualAlloc

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wDetector.ini
wDetector.txt
wLoader.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wLoader.ini

Sharing

General

Malware Config

Signatures

Files

21233dcb014a5bd5876b4c1b5add9c8a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

ws2_32

kernel32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 25KB

.reloc Size: 7KB - Virtual size: 7KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 104KB

UPX1 Size: 59KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 25KB

.reloc
Size: 7KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 104KB

UPX1
Size: 59KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 4KB