beb654d6d3d10ab980fe4f9299e0866c6683f0dbf2a4aa2dce66eac8dbe8be2a

Sharing

Copy URL Twitter E-mail

General

Target

beb654d6d3d10ab980fe4f9299e0866c6683f0dbf2a4aa2dce66eac8dbe8be2a
Size

178KB
MD5

6c3e975359b80dff76a2d5e10c01a3db
SHA1

275b61bbddbc87800d56f361c87c92e237b4fb9c
SHA256

beb654d6d3d10ab980fe4f9299e0866c6683f0dbf2a4aa2dce66eac8dbe8be2a
SHA512

241aeecddd208f11c296123a4350901de896c1d41fe43cb32bc6f7daad1321d5789f03bbee2fa7f1ce8f0d3d3273ef06900a30b025cecae4ed825220ac61a853
SSDEEP

3072:zg3rdl3z8UAc/kn5iB1AZisM7tiRUV4QuSuHDoLOLobVvPxwdkX3LBLfCphtlrlx:zcRtRtkn5iB+Z7M5i23uTDoW0Vu2nLAv

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

beb654d6d3d10ab980fe4f9299e0866c6683f0dbf2a4aa2dce66eac8dbe8be2a
.exe windows x86

2c7ea1f046a80a4d02174a4ba61467ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
EventActivityIdControl
ConvertStringSidToSidW
RegCloseKey

kernel32

GetProcessHeap
HeapFree
GetTickCount
GetStdHandle
SetThreadPreferredUILanguages
HeapSetInformation
GetLastError
SetThreadUILanguage
GetComputerNameW
GetProcAddress
LoadLibraryW
GetModuleHandleW
HeapAlloc
FormatMessageW
LocalFree
WriteConsoleW
WideCharToMultiByte
WriteFile
GetFileType
GetConsoleMode
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
FileTimeToSystemTime
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
MultiByteToWideChar
InterlockedExchange
GetCurrentThreadId

msvcrt

malloc
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
_exit
_cexit
__wgetmainargs
memset
memcpy
fprintf
_iob
_wcsicmp
exit
printf
free
wcstol
getchar
_getch
wcschr
wcsstr
_wtoi

rpcrt4

RpcErrorLoadErrorInfo
RpcErrorEndEnumeration
RpcErrorClearInformation
RpcErrorSaveErrorInfo
RpcErrorResetEnumeration
RpcErrorGetNextRecord
RpcErrorGetNumberOfRecords
RpcErrorStartEnumeration
RpcMgmtStatsVectorFree
RpcMgmtInqStats
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidToStringW
UuidCreate
RpcCertGeneratePrincipalNameW
UuidFromStringW
RpcStringFreeW
I_RpcCertProcessAndProvision

ntdll

WinSqmIsOptedIn
WinSqmIncrementDWORD

winhttp

WinHttpSetCredentials
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpQueryHeaders
WinHttpQueryOption

crypt32

CertFreeCertificateContext

credui

SspiPromptForCredentialsW
CredUIPromptForCredentialsW

rpcdiag

RpcDiagnoseError

sspicli

SspiEncodeStringsAsAuthIdentity
SspiEncodeAuthIdentityAsStrings

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2c7ea1f046a80a4d02174a4ba61467ec

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

winhttp

crypt32

credui

rpcdiag

sspicli

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

UPX0
Size: 144KB - Virtual size: 380KB