7cb39b2616473f487a2d7ce715540af102b3cd144a0c0144310093c2cd21a547

Sharing

Copy URL Twitter E-mail

General

Target

7cb39b2616473f487a2d7ce715540af102b3cd144a0c0144310093c2cd21a547
Size

471KB
MD5

996fe6f8be92ab594d2773eeeb82e391
SHA1

3e11d14a60a7dc92c289d8f3da36524d9e600fbd
SHA256

7cb39b2616473f487a2d7ce715540af102b3cd144a0c0144310093c2cd21a547
SHA512

02d5ac254febdbc014f92b83b0f6a2c47718e25f647f06ae65987e443cabc39efb389c36299c5168c6de7d43966573de612bab2e018a770caccf7e821b1e95ce
SSDEEP

12288:JscIXHz1efrP9t1iaRF1P3DVbWkymI/GBCoV1bbS/RCn1G:JscyHz8Rt1iAF1P35HdBCo8RCg

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/1861 Pro Koxp/Data/APR.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Files

7cb39b2616473f487a2d7ce715540af102b3cd144a0c0144310093c2cd21a547
.rar
1861 Pro Koxp/Data/APR.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 456KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1861 Pro Koxp/Data/KM Multi.exe
.exe windows x86

8b83928a4a561f71c8004c664754823a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
FormatMessageA
CreateRemoteThread
VirtualFreeEx
ReadProcessMemory
GetFileAttributesA
Beep
ReadFile
GetCompressedFileSizeA
Module32First
GetLastError
lstrcmpiA
GetProcAddress
VirtualProtectEx
VirtualAllocEx
GetCurrentProcess
GetProcessId
GetExitCodeThread
GetModuleHandleA
CreateToolhelp32Snapshot
Module32Next
CloseHandle
LocalFree
WriteProcessMemory
Sleep
FreeConsole
CreateProcessA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentThreadId
GetTickCount
GetSystemTimeAsFileTime
GetFileSize
CreateFileA
QueryPerformanceCounter
IsDebuggerPresent
GetCurrentProcessId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

user32

MessageBoxA
FindWindowA

msvcr90

strrchr
??2@YAPAXI@Z
gets
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
??3@YAXPAX@Z
printf
memchr
sprintf
memcpy
memset
vsprintf
__CxxFrameHandler3

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1861 Pro Koxp/Data/KM Multi.ini
1861 Pro Koxp/Data/StealthGuard.dll
.dll windows x86

db5428a559aab1b6cf13781082f83f9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
VirtualProtect
lstrcmpiA
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1861 Pro Koxp/Data/uyeol.gif
.gif
1861 Pro Koxp/KM Multi.ini
1861 Pro Koxp/StealthGuard.dll
.dll windows x86

db5428a559aab1b6cf13781082f83f9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
VirtualProtect
lstrcmpiA
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1861 Pro Koxp/server.exe
.exe windows x86

37e5cd84df37fde8ce28f4ac4753b9a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
ord518
__vbaStrCat
ord553
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarForInit
__vbaExitProc
__vbaFileCloseAll
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaGet3
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
ord713
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord531
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord570
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarSetVar
__vbaI4Var
__vbaVarLateMemStAd
ord610
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
ord612
__vbaVarLateMemCallLd
ord617
_CIatan
__vbaStrMove
__vbaAryCopy
ord542
ord543
_allmul
ord544
__vbaVarLateMemCallSt
ord545
_CItan
ord547
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 456KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 14KB - Virtual size: 16KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 21KB - Virtual size: 21KB

8b83928a4a561f71c8004c664754823a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr90

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 900B

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 1024B - Virtual size: 1004B

db5428a559aab1b6cf13781082f83f9d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

db5428a559aab1b6cf13781082f83f9d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

37e5cd84df37fde8ce28f4ac4753b9a5

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 88KB - Virtual size: 86KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 456KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 14KB - Virtual size: 16KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 21KB - Virtual size: 21KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 900B

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 1024B - Virtual size: 1004B

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 88KB - Virtual size: 86KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB