ba144dd1536cfc4cb154e9d3f9d3ee3dbc51e3978feb9588befdcdabd33ee9e1

Sharing

Copy URL

Twitter E-mail

General

Target

ba144dd1536cfc4cb154e9d3f9d3ee3dbc51e3978feb9588befdcdabd33ee9e1
Size

727KB
MD5

6290de44b17316110da72dccee8d4630
SHA1

c143d4105d0b9028da2fd3e62ad35a5c9fe01215
SHA256

ba144dd1536cfc4cb154e9d3f9d3ee3dbc51e3978feb9588befdcdabd33ee9e1
SHA512

db15bf43b47ba1ec9ccfabc386aa2c74c19968faaab1ee1d4e7808dd4f5f4b04a28ed4fb507869f1e0ad8993fef4efcc4106f3f2ea6cc8614b71eaeeb13cf069
SSDEEP

12288:7xtzfl8EmN95SKTifcNjvYRoo1QBPPHE7ZgT7FoyNjGyDe3mjCribIIEVXI:7bl8EmN95KkFvEookHE7ivKyNjGyD3A8

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

ba144dd1536cfc4cb154e9d3f9d3ee3dbc51e3978feb9588befdcdabd33ee9e1
.exe windows x86

366a15cab9ba617be7218bf386b42512

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData

shlwapi

StrRChrA

winhttp

WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryOption
WinHttpSetOption
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpOpen

kernel32

LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
DeleteFileW
LockResource
FindResourceExW
lstrlenA
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileW
GetShortPathNameW
GetExitCodeProcess
TerminateProcess
CreateProcessW
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryW
GetVersionExW
IsBadReadPtr
FindClose
FindFirstFileW
GetFileAttributesW
CreateDirectoryExW
lstrcpyW
GetTempPathW
lstrcatW
RemoveDirectoryW
FindNextFileW
TryEnterCriticalSection
GetTickCount
DeleteTimerQueueTimer
CreateTimerQueueTimer
LoadLibraryA
CreateFileA
lstrcmpA
lstrcmpiA
DebugBreak
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SizeofResource
MultiByteToWideChar
FreeLibrary
SetEvent
InterlockedDecrement
InterlockedIncrement
CreateEventW
CreateThread
GetCurrentThreadId
GetModuleHandleW
Sleep
GetModuleFileNameW
WaitForSingleObject
CloseHandle
lstrcmpiW
GetLastError
RaiseException
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
VirtualQuery
GetStringTypeW
SetEndOfFile
GetStringTypeA
GetCPInfo
LCMapStringW
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
VirtualAlloc
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
LCMapStringA
GetStartupInfoW
DeleteFileA
MoveFileA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetModuleHandleA

user32

UnregisterClassA
LoadStringW
PostThreadMessageW
MessageBoxW
CharNextW
TranslateMessage
CharUpperW
DispatchMessageW
GetMessageW

advapi32

CryptEncrypt
RegOpenKeyExA
RegQueryValueExA
CryptDecrypt
CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
ControlService
DeleteService
CreateServiceW
RegEnumKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoTaskMemFree
CoInitialize
StringFromGUID2
CoCreateInstance
CoCreateGuid
OleRun
CLSIDFromString
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface

oleaut32

SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
GetErrorInfo

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

366a15cab9ba617be7218bf386b42512

Headers

File Characteristics

Imports

imagehlp

shlwapi

winhttp

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 406KB - Virtual size: 406KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 22KB - Virtual size: 42KB

.rsrc Size: 19KB - Virtual size: 18KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 406KB - Virtual size: 406KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 22KB - Virtual size: 42KB

.rsrc
Size: 19KB - Virtual size: 18KB

UPX0
Size: 144KB - Virtual size: 380KB