2aeb5b6b6d6dbc29ed58ee45d42f233468fef459638f11102440192508bca436

Sharing

Copy URL Twitter E-mail

General

Target

2aeb5b6b6d6dbc29ed58ee45d42f233468fef459638f11102440192508bca436
Size

104KB
MD5

15225acf977c27cea123e9ec8dc38889
SHA1

032f1a05a75b6735451102899c81e8510e0a2a34
SHA256

2aeb5b6b6d6dbc29ed58ee45d42f233468fef459638f11102440192508bca436
SHA512

3290fc434e6d2320ace8d87303f07d4d5a4fac2e69ef03c661ec446bcc90f0ee81c487957ec4ff35f80f0f3d59ba339079178113f754c9e418231ce33954d0c8
SSDEEP

1536:F0wpBKXLLIW8sbwfbBJY7WtuqKcJPaRkuTfAVe7mqiIEIgkHq:F3B0LIW1EfbBwBq1yR7sXqiI/

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

2aeb5b6b6d6dbc29ed58ee45d42f233468fef459638f11102440192508bca436
.exe windows x86

ee1b7071a3a7c33e213fc9edf3153038

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htons
ntohs
closesocket
recv
select
socket
gethostbyname
inet_addr
send
connect
WSACleanup
WSAStartup
sendto

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

kernel32

GetStartupInfoA
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
GetCurrentProcess
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
GetTickCount
CloseHandle
CreateProcessA
lstrlenA
WideCharToMultiByte
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcpyA
lstrcmpA
HeapAlloc
GetProcessHeap
lstrcmpiA
lstrcatA
lstrcpynA
GlobalFree
ExitThread
InterlockedDecrement
InterlockedIncrement
HeapFree
CreateThread
Sleep
DeleteFileA
GetFileSize
CreateFileA
GetModuleFileNameA
GetTempFileNameA
GetTempPathA
ReadFile
GlobalAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FindClose
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetDriveTypeA
GetSystemDirectoryA
SetThreadPriority
GetCurrentThread
GetSystemTime
SetFilePointer
WriteFile
WinExec
GetLastError
TerminateThread
ExitProcess
CreateMutexA
GetVersionExA
GlobalMemoryStatus
TerminateProcess
OpenProcess

user32

CharLowerA
CharUpperBuffA
CharUpperA
wvsprintfA
wsprintfA

advapi32

RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyA
RegSetValueExA
RegEnumKeyA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

msvcr70

toupper
isxdigit
isalnum
isspace
strtok
sprintf
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
isdigit
??2@YAPAXI@Z
rand
srand
_vsnprintf
_purecall
free
malloc
exit
fread
fclose
ftell
fseek
fopen
tolower
strstr
fprintf
fgets
strncat
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_except_handler3
_CxxThrowException
fwrite

msvcp70

?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee1b7071a3a7c33e213fc9edf3153038

Headers

File Characteristics

Imports

ws2_32

wininet

kernel32

user32

advapi32

shell32

msvcr70

msvcp70

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 7KB

UPX2 Size: 20KB - Virtual size: 16KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 7KB

UPX2
Size: 20KB - Virtual size: 16KB