ca0b54966e84ff787b5512b649eaf5a57e2e72e375c0d8b12c556647fe2171ba

Sharing

Copy URL Twitter E-mail

General

Target

ca0b54966e84ff787b5512b649eaf5a57e2e72e375c0d8b12c556647fe2171ba
Size

779KB
MD5

69428e6875366bc381c6a6a94eef6d15
SHA1

13bb8236ab33164144e4e345e8d47b8083ba7d89
SHA256

ca0b54966e84ff787b5512b649eaf5a57e2e72e375c0d8b12c556647fe2171ba
SHA512

21507153b454c65dd35cedd45806eda08c4cb2fff460a3f1cbef0b548617c9f6478804fefaf546a1baf73a408489ee0ada263c1528f4d484c86be1fc378eba92
SSDEEP

24576:eBHqhdEprUY4zgqGwNdWZ0IJpXgoFR2Ker:eBK1GVxJpXRFR2Ke

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

ca0b54966e84ff787b5512b649eaf5a57e2e72e375c0d8b12c556647fe2171ba
.exe windows x86

64b6d86cd2aef9f4597fc114269a16b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
CreateFileA
OutputDebugStringA
VirtualAlloc
VirtualFree
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
GetSystemInfo
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
CreateFileW
CloseHandle
DelayLoadFailureHook
InterlockedExchange
Sleep
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
ExitProcess
SleepEx
OutputDebugStringW
SetCurrentDirectoryW
GetModuleFileNameW
RegisterApplicationRestart
GetCommandLineW
GetLastError
CreateMutexW
LoadLibraryW
GetVersionExW
QueryPerformanceFrequency
FlushInstructionCache
RaiseException
EnterCriticalSection
LeaveCriticalSection
MulDiv
SetLastError
MultiByteToWideChar
DeleteFileW
GetCurrentDirectoryW
GetFileSize
ReadFile
WriteFile
SetFilePointer
MoveFileExW
GetFileAttributesW
CreateDirectoryW
InterlockedIncrement
InterlockedDecrement
FormatMessageW
LocalAlloc
LockResource
LoadResource
GetThreadLocale
FindResourceExW
ExpandEnvironmentStringsW
WaitForSingleObject
WideCharToMultiByte
CreateEventW
LoadLibraryExW
SizeofResource
FindResourceW
GlobalFree
GlobalAlloc
GetDateFormatW
GetLocaleInfoW
ConvertDefaultLocale
FreeResource
WriteConsoleW
GetFileType
GetStdHandle
DebugBreak
CreateThread
HeapSetInformation
LocalFree
GetModuleHandleW

user32

SetDlgItemTextW
GetFocus
EnableWindow
GetKeyState
SendMessageW
InvalidateRect
ShowCursor
SetWindowPos
GetWindowRect
KillTimer
IsIconic
GetSystemMetrics
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
PeekMessageW
SetTimer
DestroyWindow
UnhookWindowsHookEx
LoadAcceleratorsW
RegisterRawInputDevices
SetProcessDPIAware
SetForegroundWindow
BringWindowToTop
FindWindowW
MonitorFromWindow
SetRect
SetWindowLongW
GetClassInfoExW
LoadCursorW
SetClassLongW
SetCursor
SetMenuInfo
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
GetCursorPos
TrackPopupMenu
FillRect
GetSysColor
EqualRect
UnionRect
GetMonitorInfoW
MonitorFromRect
GetClientRect
SendInput
SetWindowPlacement
IsWindowVisible
GetWindowPlacement
CallNextHookEx
IsDlgButtonChecked
IsZoomed
EnumDisplayMonitors
ReleaseDC
GetDC
RedrawWindow
DefWindowProcW
GetDlgItem
TrackMouseEvent
IsRectEmpty
IntersectRect
GetRawInputData
GetForegroundWindow
DrawFrameControl
PtInRect
ScreenToClient
ReleaseCapture
EndPaint
GetSysColorBrush
BeginPaint
SystemParametersInfoW
RegisterClassExW
CreateWindowExW
GetSubMenu
LoadMenuW
SetWindowsHookExW
RegisterClassW
RegisterWindowMessageW
NotifyWinEvent
GetDoubleClickTime
GetWindowLongW
DrawTextW
CallWindowProcW
GetProcessDefaultLayout
GetParent
AdjustWindowRect
GetIconInfo
GetWindow
GetClassNameW
GetNextDlgGroupItem
SetFocus
GetDlgCtrlID
EndDialog
GetWindowTextW
MapWindowPoints
DrawEdge
IsWindowEnabled
EnumChildWindows
SetWindowRgn
IsDialogMessageW
GetNextDlgTabItem
CreateDialogParamW
CreateDialogIndirectParamW
DialogBoxParamW
GetMenu
PostMessageW
LoadStringW
MessageBoxW
EnableMenuItem
SetWindowTextW
LoadIconW
PostQuitMessage
CheckDlgButton
UnregisterClassA
SetCapture
ShowWindow
OffsetRect

msvcrt

_vsnwprintf_s
?_set_new_mode@@YAHH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
wcscat_s
_CIlog
qsort
swprintf_s
_snwprintf_s
memmove
ceil
_errno
strncmp
_vscwprintf
_wcstoui64
wcstod
wcsspn
_controlfp
wcsnlen
wcscspn
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
wcsncat_s
memmove_s
_wcsnicmp
_localtime64_s
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_callnewh
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
srand
memset
malloc
wcsncmp
floor
rand
_CIsqrt
_CIatan
wcstombs_s
mbstowcs_s
_wcsicmp
_wtof
wcstol
_ftol2
_wtoi
wcsncpy_s
_time64
_ftol2_sse
time
wcstoul
wcscpy_s
wcschr
memcpy
realloc
free
_purecall
__CxxFrameHandler3
_CIacos
_CIatan2
_CIsin
_finite
_strdup
setlocale
iswpunct
iswdigit
iswalpha
iswspace

ntdll

WinSqmAddToStream

shell32

ShellAboutW
SHGetFolderPathEx
CommandLineToArgvW
SHGetFolderPathW
SHSetLocalizedName
ShellExecuteW

advapi32

RegCloseKey
GetUserNameW
RegOpenKeyA
RegQueryValueExA

gdi32

SetBkColor
SetBkMode
RemoveFontResourceW
CreateRoundRectRgn
GetObjectA
CreatePen
Rectangle
GetBkColor
GetTextColor
DeleteDC
SaveDC
GetStockObject
CreateFontW
CreateSolidBrush
CreateFontIndirectW
PatBlt
DeleteObject
ExtTextOutW
CreateCompatibleDC
CreateBitmap
BitBlt
MoveToEx
ExtTextOutA
SetMapMode
SetTextAlign
CreateFontIndirectA
GetFontLanguageInfo
GetTextMetricsW
GetCharacterPlacementW
GetCharacterPlacementA
CreateDIBSection
GetGlyphOutlineA
GetTextMetricsA
GetObjectW
AddFontResourceW
RestoreDC
SetTextColor
SelectObject
GetDeviceCaps
GetTextExtentPoint32W
ExcludeClipRect

oleaut32

SysAllocString
VariantInit
SysFreeString
SysStringLen

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitialize
CoUninitialize

shlwapi

PathCombineW
PathFileExistsW

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_Add
ImageList_Destroy

gdiplus

GdipSetTextRenderingHint
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateRegionHrgn
GdipSetClipRegion
GdipSetClipRectI
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipMeasureString
GdipFillRegion
GdipFillRectangleI
GdipDrawRectangleI
GdipDrawRectangle
GdipDrawLineI
GdipReleaseDC
GdipGetDC
GdipCreateFromHDC
GdipSetStringFormatHotkeyPrefix
GdipSetPenDashStyle
GdipCreateLineBrushFromRectI
GdipSetImageAttributesWrapMode
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCloneImage
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipDeleteFont
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCreateSolidFill
GdipImageRotateFlip
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetImageGraphicsContext
GdipSetStringFormatFlags
GdipDrawString
GdipDrawImageRectI
GdipCloneBrush
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipCreatePen1
GdipDeletePen
GdipDeleteRegion

secur32

GetUserNameExW

d3d9

Direct3DCreate9

dsound

ord11

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleProxyW
AccessibleChildren
LresultFromObject

xinput9_1_0

XInputGetState

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

slc

SLGetWindowsInformationDWORD

usp10

ScriptItemize
ScriptBreak

Sections

.text
Size: 506KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

64b6d86cd2aef9f4597fc114269a16b8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

ntdll

shell32

advapi32

gdi32

oleaut32

ole32

shlwapi

comctl32

gdiplus

secur32

d3d9

dsound

winmm

oleacc

xinput9_1_0

wtsapi32

slc

usp10

Sections

.text Size: 506KB - Virtual size: 506KB

.data Size: 34KB - Virtual size: 60KB

.rsrc Size: 94KB - Virtual size: 94KB

.reloc Size: 34KB - Virtual size: 33KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 506KB - Virtual size: 506KB

.data
Size: 34KB - Virtual size: 60KB

.rsrc
Size: 94KB - Virtual size: 94KB

.reloc
Size: 34KB - Virtual size: 33KB

.UPX0
Size: 108KB - Virtual size: 260KB