3f31f84e77dd5789773a1c1937162b71373b510b1f3af1abb52052b4e5594415

Sharing

Copy URL Twitter E-mail

General

Target

3f31f84e77dd5789773a1c1937162b71373b510b1f3af1abb52052b4e5594415
Size

205KB
MD5

62dd99c408d9947fbf06e60fc8e2b14e
SHA1

4afacfd63ae64e63ab7077ddae773a7ffa6e99ae
SHA256

3f31f84e77dd5789773a1c1937162b71373b510b1f3af1abb52052b4e5594415
SHA512

deb0513ef85cc28d907a3ed0148690854f512796c55b9194fa905b20e3e649be472e472761339067f12257cbc11e9f64f0cfad47920f3e5fbef40694401d16db
SSDEEP

3072:zaxDHXs1fEMcUGkFlcfmY0q8GSnXZmBbmEFc0zcIYmZZqsZlcJ:zaxbCfxcUGkt/TGSnX0BbmEO0wIZq2C

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

3f31f84e77dd5789773a1c1937162b71373b510b1f3af1abb52052b4e5594415
.exe windows x86

990b860e2e0387137b2cef5724e5a054

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
wcslen
wcschr
wcscmp
strchr
_XcptFilter
_exit
_c_exit
rand
malloc
realloc
free
_except_handler3
_resetstkoflw
strrchr
wcsrchr
_strnicmp
_wcsnicmp
??2@YAPAXI@Z
wcsncpy
wcscpy
??3@YAXPAX@Z

advapi32

RegCreateKeyExA
IsValidSid
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
RegQueryValueExA
RegSetValueExA

kernel32

GetDiskFreeSpaceA
GetStartupInfoA
GetModuleHandleA
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
DeviceIoControl
HeapFree
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
lstrlenW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapAlloc
GetProcessHeap
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
WaitForSingleObject
CloseHandle
UnmapViewOfFile
GetLocalTime
GetProcAddress
GetModuleHandleW
InterlockedExchange
GetCurrentThreadId
GetCurrentProcessId
MapViewOfFile
CreateFileMappingW
LocalAlloc
GetLastError
GetCurrentProcess
ReleaseMutex
SetLastError
LocalFree
CreateMutexW
LoadLibraryExA
SetEvent
ResetEvent
InterlockedIncrement
GlobalFree
GlobalUnlock
GlobalLock
CreateDirectoryW
DeleteFileW
GetTempFileNameW
WideCharToMultiByte
GlobalAlloc
InterlockedDecrement
MultiByteToWideChar
WaitForMultipleObjects
GlobalSize
CreateThread
CreateEventW
ProcessIdToSessionId
GetOverlappedResult
WriteFile
ExitThread
ReadFile
GetTickCount
CancelIo
PulseEvent
OpenEventW
WaitForMultipleObjectsEx
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter

gdi32

DeleteMetaFile
DeleteObject
GetObjectW
GetPaletteEntries
CreatePalette
SetMetaFileBitsEx
CreateMetaFileW
PlayMetaFile
CloseMetaFile
GetMetaFileBitsEx
GetStockObject

user32

PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
CloseClipboard
EmptyClipboard
OpenClipboard
GetClipboardOwner
GetClipboardFormatNameW
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
GetClipboardViewer
DefWindowProcW
SetClipboardViewer
PostQuitMessage
DestroyWindow
ChangeClipboardChain
UnregisterClassW
RegisterWindowMessageW
CreateWindowExW
RegisterClassW
GetClipboardData
SendMessageW

shell32

SHFileOperationA
SHFileOperationW

winsta

WinStationQueryInformationW
WinStationVirtualOpen

wsock32

socket
WSAGetLastError
WSAStartup
WSACleanup
closesocket
getsockopt
ioctlsocket
sendto

ws2_32

WSACloseEvent
WSACreateEvent
WSAGetOverlappedResult
WSARecvFrom

msacm32

acmDriverOpen
acmStreamSize
acmStreamPrepareHeader
acmDriverClose
acmStreamClose
acmFormatSuggest
acmStreamOpen
acmFormatTagDetailsW
acmDriverEnum
acmStreamUnprepareHeader
acmStreamConvert

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

ole32

OleIsCurrentClipboard
CoGetMalloc
OleSetClipboard
OleInitialize

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

990b860e2e0387137b2cef5724e5a054

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

shell32

winsta

wsock32

ws2_32

msacm32

wtsapi32

ole32

Sections

.text Size: 56KB - Virtual size: 56KB

.data Size: 3KB - Virtual size: 72KB

.rsrc Size: 1024B - Virtual size: 984B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 56KB - Virtual size: 56KB

.data
Size: 3KB - Virtual size: 72KB

.rsrc
Size: 1024B - Virtual size: 984B

UPX0
Size: 144KB - Virtual size: 380KB