a2f589aca162cf57bf7cfd6e21ef19d489e25ec6a52cbfd29a8a224a5a9f650d

Sharing

Copy URL Twitter E-mail

General

Target

a2f589aca162cf57bf7cfd6e21ef19d489e25ec6a52cbfd29a8a224a5a9f650d
Size

135KB
MD5

6e77305579d2b9b46fb9f3e04f9f69b8
SHA1

ebedc2e235a226bd125e81cec4880fb70ba4207c
SHA256

a2f589aca162cf57bf7cfd6e21ef19d489e25ec6a52cbfd29a8a224a5a9f650d
SHA512

4214aa6d152462d31f1dd2056ac2ec4a9abac718f7bb1fc631448a17c3d2bd8768b64d497fdf8f212020fd189b8425cb31b0be38da415b518023005ee5adfeca
SSDEEP

3072:D+K/Si9rPXLJh1Gq+v+sNFwr1JIMj+sz2DXXsKEoMwOzVyOWONw:v/S+LH1Ma1iQ+K27nEQ

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

a2f589aca162cf57bf7cfd6e21ef19d489e25ec6a52cbfd29a8a224a5a9f650d
.exe windows x86

2a091ab8fad32bd4abe2be63a621a143

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RevertToSelf
ImpersonateLoggedOnUser
DuplicateToken
GetTokenInformation
CredpEncodeSecret
CredRestoreCredentials
CredBackupCredentials

kernel32

LocalFree
LocalAlloc
GetFileSizeEx
CreateThread
DuplicateHandle
CreateFileW
SetEvent
GlobalFree
GetCommandLineW
HeapSetInformation
CreateEventW
OpenProcess
WriteFile
DeleteFileW
GetTempFileNameW
ReadFile
WaitForMultipleObjects
GetOverlappedResult
SleepEx
GetLastError
GetTempPathW
FormatMessageW
HeapFree
GetProcessHeap
HeapAlloc
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
CloseHandle
CancelIo
SetLastError

gdi32

CreateFontIndirectW
GetObjectW

user32

EnableWindow
SendMessageW
GetDlgItem
PostMessageW
GetParent
ShowWindow
SetFocus
LoadStringW
CheckRadioButton
SetWindowLongW
GetDlgItemTextW
SendDlgItemMessageW
SetProcessDPIAware
SetWindowTextW
GetWindowLongW

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
_except_handler4_common
?terminate@@YAXXZ
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
swscanf
wcsncmp
memset
_controlfp
_vsnwprintf
__set_app_type

comctl32

PropertySheetW
CreatePropertySheetPageW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ntdll

TpAllocWait
NtOpenProcessToken
NtPrivilegeCheck
NtAdjustPrivilegesToken
NtClose
RtlNtStatusToDosError
TpReleaseWait
TpSetWait
TpWaitForWait

crypt32

CryptProtectData
CryptUnprotectData

rpcrt4

RpcStringBindingComposeW
RpcAsyncInitializeHandle
NdrAsyncClientCall
I_RpcExceptionFilter
RpcAsyncCancelCall
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcAsyncCompleteCall

shell32

CommandLineToArgvW

netapi32

NetApiBufferFree
NetValidatePasswordPolicy

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a091ab8fad32bd4abe2be63a621a143

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

comdlg32

ntdll

crypt32

rpcrt4

shell32

netapi32

Sections

.text Size: 18KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB

.UPX0
Size: 108KB - Virtual size: 260KB