09a6589d06f5ba17d65dddde891174ebeb0bfc5e261162566f1316b4c542f728

Sharing

Copy URL Twitter E-mail

General

Target

09a6589d06f5ba17d65dddde891174ebeb0bfc5e261162566f1316b4c542f728
Size

1.3MB
MD5

4896a81309b569e19e80f67925628150
SHA1

7403264b753ab668c35ffe60b1c3fd2d0eafe6ac
SHA256

09a6589d06f5ba17d65dddde891174ebeb0bfc5e261162566f1316b4c542f728
SHA512

5acf5753b95e161b5c5e38d33572fecac8dce79b45779888ce684a7da0ae343972094b95d0b5a1db19b763f01bbaa0d95f4cb967e757bc921392d569b995b658
SSDEEP

24576:nv99sJnCXgh3f66FahkvzMZqObAFF+rSamcOPNoGq2dCH29eDYLTm4iqI4SwvHJG:nbLghUE7UlM0rH2p3iqI4SSpkj

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

09a6589d06f5ba17d65dddde891174ebeb0bfc5e261162566f1316b4c542f728
.exe windows x86

ba2c951394625d585f2067ca6db4a935

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
Sleep
IsBadReadPtr
IsBadWritePtr
WideCharToMultiByte
GetTickCount
FlushFileBuffers
SearchPathW
SetConsoleOutputCP
SetConsoleCP
SetConsoleWindowInfo
SetConsoleScreenBufferSize
AllocConsole
FreeConsole
ReadConsoleInputW
PeekConsoleInputW
WaitForMultipleObjects
GetStdHandle
WaitForSingleObject
CreateProcessW
GetConsoleTitleW
GetConsoleOutputCP
GetConsoleCP
SetEnvironmentVariableW
TerminateProcess
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
FindNextFileW
FindClose
GetFileSizeEx
GetDiskFreeSpaceExW
SetFilePointerEx
GetCurrentDirectoryW
RemoveDirectoryW
CreateFileW
CopyFileExW
MoveFileExW
ExpandEnvironmentStringsW
FindFirstFileW
GetFileType
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
SetCurrentDirectoryW
GetCompressedFileSizeW
CreateHardLinkW
GetFullPathNameW
DeleteFileW
GetFileTime
GetOEMCP
GetACP
SystemTimeToFileTime
GetSystemTime
GetSystemTimeAsFileTime
FileTimeToDosDateTime
LCMapStringW
GetCPInfo
ReleaseMutex
CreateMutexW
SetVolumeMountPointW
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
DefineDosDeviceW
FindFirstChangeNotificationW
FindCloseChangeNotification
GetCPInfoExW
EnumSystemCodePagesW
GetModuleHandleW
GlobalMemoryStatusEx
GetComputerNameW
SetStdHandle
SetConsoleMode
GetConsoleMode
FlushConsoleInputBuffer
WriteConsoleInputW
SetConsoleCursorPosition
SetConsoleCursorInfo
GetConsoleCursorInfo
DeleteCriticalSection
WriteConsoleOutputW
ReadConsoleOutputW
SetConsoleActiveScreenBuffer
GetLocalTime
SetConsoleCtrlHandler
GetLargestConsoleWindowSize
GetConsoleWindow
CompareStringW
CompareStringA
SetErrorMode
IsDebuggerPresent
GetVersionExW
LocalFree
FormatMessageW
GetLocaleInfoW
GetLogicalDrives
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTempFileNameW
GetCurrentProcessId
GetConsoleAliasW
GetDiskFreeSpaceW
OpenProcess
SetFileApisToOEM
LoadLibraryExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CompareFileTime
GetNumberFormatW
WriteProcessMemory
VirtualProtect
CreateFileA
WriteConsoleW
WriteConsoleA
SetEnvironmentVariableA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
LoadLibraryA
LCMapStringA
VirtualQuery
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetFilePointer
GetModuleFileNameA
RtlUnwind
GetStartupInfoA
SetHandleCount
HeapSize
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetProcessHeap
GetVersionExA
ExitProcess
GetModuleHandleA
CreateThread
ResumeThread
ExitThread
HeapReAlloc
HeapAlloc
HeapFree
InitializeCriticalSection
MoveFileW
GetLongPathNameW
GetShortPathNameW
SetConsoleTitleW
GetConsoleScreenBufferInfo
SetLastError
GetVolumeInformationW
GetFileInformationByHandle
SetEndOfFile
ReadFile
WriteFile
SetFileTime
GetLastError
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetDriveTypeW
CloseHandle
SetConsoleTextAttribute
DeviceIoControl

user32

GetWindowInfo
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
RegisterClipboardFormatW
GetWindowTextW
CharUpperBuffW
IsIconic
IsZoomed
MessageBeep
GetDoubleClickTime
FlashWindowEx
CharLowerW
CharToOemBuffW
EnumWindows
GetWindowThreadProcessId
SystemParametersInfoW
SetForegroundWindow
GetWindowPlacement
ShowWindowAsync
IsWindowVisible
GetWindowLongW
GetWindowTextLengthW
EnumClipboardFormats
CharUpperW
WaitForInputIdle
PostMessageW
GetKeyboardLayoutList
MapVirtualKeyExA
VkKeyScanExA
IsCharAlphaNumericA
OemToCharBuffA
CharUpperA
CharToOemA
OemToCharA
IsCharAlphaA
IsCharLowerA
IsCharUpperA
CharLowerA
IsCharAlphaNumericW
IsCharAlphaW
IsCharUpperW
GetAsyncKeyState
VkKeyScanA
MapVirtualKeyA
GetKeyState
keybd_event
IsCharLowerW
CharLowerBuffW
SendMessageW
CopyIcon

winspool.drv

ClosePrinter
EnumPrintersW
OpenPrinterW
StartDocPrinterW
WritePrinter
ord203
EndDocPrinter

advapi32

AdjustTokenPrivileges
IsValidSid
GetLengthSid
CopySid
LookupAccountSidW
EqualSid
EncryptFileW
DecryptFileW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCloseKey
SetFileSecurityW
GetFileSecurityW
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
GetUserNameW
RegEnumValueW
IsTextUnicode
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
GetSecurityDescriptorOwner

shell32

ShellExecuteW
SHFileOperationW
ExtractIconExW
ShellExecuteExW

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetConnectionW
WNetGetUniversalNameW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba2c951394625d585f2067ca6db4a935

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

shell32

mpr

ole32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 75KB - Virtual size: 136KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 39KB - Virtual size: 38KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 75KB - Virtual size: 136KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 39KB - Virtual size: 38KB

.UPX0
Size: 104KB - Virtual size: 252KB