f61ee28249f1c280173c2a2c874496d7681b6c5c15fa8265602d1a43dbbf1c2b

Sharing

Copy URL Twitter E-mail

General

Target

f61ee28249f1c280173c2a2c874496d7681b6c5c15fa8265602d1a43dbbf1c2b
Size

256KB
MD5

5aab4c8a97ef310cf05134ed8b4e597c
SHA1

285a70d976668382e091c71a2c51e16c869916f7
SHA256

f61ee28249f1c280173c2a2c874496d7681b6c5c15fa8265602d1a43dbbf1c2b
SHA512

abbb76b5012bb3b2821106284106429ebf3106c19478921631e129f9c4e243ea0ca1058f1f5f01595dd2a6b428a3ebe93173cabef20d98ea4424e6ff528f848c
SSDEEP

6144:a4Tn8RjsDBWeWMgFswvu8kn5iBh9aLASgR4dMniU3SUb6liZwillBq6A:YjstWeWFFpu8kn5iBDaLx/MnP3fb6liS

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

f61ee28249f1c280173c2a2c874496d7681b6c5c15fa8265602d1a43dbbf1c2b
.exe windows x86

12da878c5889d860091d0234440c2c8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenThreadToken
LookupAccountSidW
ConvertSidToStringSidW

kernel32

GetTickCount
QueryPerformanceCounter
WriteFile
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
GetFileType
FreeLibrary
FormatMessageW
LoadLibraryW
ReadConsoleW
FlushConsoleInputBuffer
SetConsoleMode
GetDiskFreeSpaceExW
CompareStringW
GetTimeFormatW
GetVolumeNameForVolumeMountPointW
GetThreadLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
GetModuleHandleW
CloseHandle
GetLastError
SetLastError
GetCurrentProcess
GetStdHandle
SetThreadUILanguage
LocalFree
GetCommandLineW
HeapSetInformation
RaiseException
FindFirstVolumeW
GetDriveTypeW
GetDateFormatW
FindNextVolumeW
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
GetCurrentThreadId
CreateFileW
CreateEventW
DeviceIoControl
ResetEvent
GetVersionExW
LoadLibraryExW
GetCurrentThread
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
Sleep
FindVolumeClose
GetCurrentProcessId

msvcrt

_callnewh
wcsncmp
memcpy
memcpy_s
??0exception@@QAE@ABQBD@Z
memmove_s
_vsnprintf
_purecall
__CxxFrameHandler3
free
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_ftol2
iswalpha
towupper
swscanf
iswdigit
malloc
srand
rand
memset
_CxxThrowException
wprintf
realloc
wcschr
_wcsicmp
_vsnwprintf

atl

ord30

vsstrace

ord2
ord9
ord4
ord10
ord11
ord8
ord6
ord5
ord7
ord3
ord1

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeSecurity
CoInitializeEx
CLSIDFromString
CoCreateInstance

user32

LoadStringW

oleaut32

GetErrorInfo
SysFreeString

vssapi

CreateVssBackupComponentsInternal
GetProviderMgmtInterfaceInternal
ShouldBlockRevertInternal
VssFreeSnapshotPropertiesInternal

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

12da878c5889d860091d0234440c2c8e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

atl

vsstrace

ole32

user32

oleaut32

vssapi

Sections

.text Size: 101KB - Virtual size: 100KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 7KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 101KB - Virtual size: 100KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 7KB

UPX0
Size: 144KB - Virtual size: 380KB