ddb12ef869bce8402b557ed5e9612070491af03c80a2714b9ceed3c21bd9f362

Sharing

Copy URL

Twitter E-mail

General

Target

ddb12ef869bce8402b557ed5e9612070491af03c80a2714b9ceed3c21bd9f362
Size

672KB
MD5

51f79294c352c577d1896e80624c8e00
SHA1

f4565b7db65f8a4ebf260885291632f86461ba71
SHA256

ddb12ef869bce8402b557ed5e9612070491af03c80a2714b9ceed3c21bd9f362
SHA512

20019e5e39c67262722f5def7b032ef93c9d1411c87032f8212ed60f97158ec568a1243e1510bdb36dd41309b71eacf586d410b93ba9bb136251130d26b69b88
SSDEEP

12288:gnjv9IQAiBZt2AwG+a7VPezAYFdk/Lr4IE3nMTbwN:slI1CZkyIAQQQR3MA

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

ddb12ef869bce8402b557ed5e9612070491af03c80a2714b9ceed3c21bd9f362
.exe windows x86

ae88a5346cc7c56212fe57a5285c9cd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Reenumerate_DevNode
CM_Locate_DevNodeA
CM_Get_DevNode_Status_Ex

setupapi

SetupDiDestroyDriverInfoList
SetupDiGetDeviceInfoListDetailA
SetupDiGetClassDevsExA
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceInstanceIdA
SetupDiDeleteDevRegKey
SetupDiClassGuidsFromNameA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiOpenDeviceInfoA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiSetDeviceInstallParamsA
SetupDiSetSelectedDevice
SetupDiSetSelectedDriverA
SetupDiRegisterDeviceInfo
SetupIterateCabinetA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupPromptReboot
SetupCopyOEMInfA
SetupOpenInfFileA
SetupInitDefaultQueueCallback
SetupDefaultQueueCallbackA
SetupInstallFromInfSectionA
SetupFindFirstLineA
SetupGetStringFieldA
SetupFindNextLine
SetupCloseInfFile

winmm

waveOutOpen

kernel32

MoveFileA
GetVolumeInformationA
SetEndOfFile
UnlockFile
lstrcpynA
lstrcmpiA
ResumeThread
SetThreadPriority
SuspendThread
LoadResource
GetCurrentThreadId
LockResource
GlobalUnlock
GlobalLock
SetLastError
GetCurrentThread
GlobalDeleteAtom
GetModuleHandleA
GlobalFindAtomA
FindResourceA
GlobalGetAtomNameA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GlobalAddAtomA
FlushFileBuffers
LockFile
SetErrorMode
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
MulDiv
GlobalFlags
SetFilePointer
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
CreateThread
WriteFile
SetStdHandle
GetFileType
GetFileTime
ExitThread
ReadFile
GetACP
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetLocaleInfoA
GetExitCodeProcess
GetLocaleInfoW
SetEnvironmentVariableA
SetCommTimeouts
SetupComm
EscapeCommFunction
DeleteFileA
lstrcpyA
lstrcatA
CreateSemaphoreA
ExitProcess
OpenProcess
Sleep
GetFileAttributesExA
RemoveDirectoryA
CreateDirectoryA
CreateEventA
GetSystemDirectoryA
CopyFileA
GetWindowsDirectoryA
GetTempPathA
FindNextFileA
CreateProcessA
GetLastError
WaitForSingleObject
CloseHandle
LoadLibraryA
GetProcAddress
RaiseException
FindFirstFileA
FindClose
FreeLibrary
GetVersionExA
GetModuleFileNameA
GetCurrentProcess
GetFullPathNameA
DuplicateHandle
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GlobalFree
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentProcessId
GlobalAlloc
OpenEventA
SetEvent
lstrlenA
LocalAlloc
LocalFree
GetVersion
MoveFileExA
GetShortPathNameA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
Process32First
Process32Next
CreateToolhelp32Snapshot
Module32First
TerminateProcess
DeviceIoControl
lstrcmpA
WritePrivateProfileStringA
GetFileAttributesA
SetFileAttributesA
CreateFileA
GetCommState
SetCommState
HeapSize
HeapReAlloc
EnterCriticalSection
GetFileSize
FileTimeToSystemTime

user32

IsDialogMessageA
SetWindowTextA
ShowWindow
ReleaseDC
GetDC
LoadCursorA
GetSysColorBrush
GetClassNameA
PtInRect
TabbedTextOutA
DrawTextA
GrayStringA
ClientToScreen
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
GetClientRect
CopyRect
DestroyMenu
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetLastActivePopup
SetCursor
PostQuitMessage
PostMessageA
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExA
GetSystemMetrics
CharUpperA
GetWindowRect
LoadIconA
KillTimer
SetTimer
EnableWindow
LoadBitmapA
wsprintfA
GetShellWindow
GetWindowThreadProcessId
IsWindowVisible
GetForegroundWindow
LoadStringA
EnumWindows
GetWindowTextA
GetFocus
SetFocus
SendMessageA
IsWindow
MessageBoxA
PeekMessageA
GetMessageA
UnregisterClassA

gdi32

ScaleWindowExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
ScaleViewportExtEx
RestoreDC
SaveDC
DeleteDC
GetStockObject
SelectObject
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
ControlService
QueryServiceStatus
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegDeleteValueA
OpenSCManagerA
OpenServiceA
RegCloseKey
RegEnumValueA
DeleteService
CloseServiceHandle
RegOpenKeyA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyA

shell32

ord680
ShellExecuteA

comctl32

ord17

Sections

.text
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ae88a5346cc7c56212fe57a5285c9cd1

Headers

File Characteristics

Imports

cfgmgr32

setupapi

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 372KB - Virtual size: 371KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 48KB - Virtual size: 61KB

.rsrc Size: 84KB - Virtual size: 81KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 372KB - Virtual size: 371KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 48KB - Virtual size: 61KB

.rsrc
Size: 84KB - Virtual size: 81KB

.UPX0
Size: 108KB - Virtual size: 260KB