42f6b794d011fb154fa5b359e7096edfe52d4074f8176a88003d7ac1dafbd17d

Sharing

Copy URL Twitter E-mail

General

Target

42f6b794d011fb154fa5b359e7096edfe52d4074f8176a88003d7ac1dafbd17d
Size

456KB
MD5

349ae7873d739580176ccdeea107ec80
SHA1

3f5d4147480407af57bc75ba7d0a3b749e8bf680
SHA256

42f6b794d011fb154fa5b359e7096edfe52d4074f8176a88003d7ac1dafbd17d
SHA512

0d7c7bafc2f188471bed545baf078373b881e3cbddcf3adf5fc86a0d4cec369a3b6b229910eadeb0104a5c66e32c5769e0b5f59bc4d88cb2915165af2af06af6
SSDEEP

6144:GLO4MPfDHTwtKDUbHwkBYK5Tz77uCYXilJbg5O5/9W:GLxMPfzRUdYK5/7+XST5l

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

42f6b794d011fb154fa5b359e7096edfe52d4074f8176a88003d7ac1dafbd17d
.exe windows x86

25e90e4411d14c44cd4a1194a1387b99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
LCMapStringW
LCMapStringA
MultiByteToWideChar
UnhandledExceptionFilter
FreeEnvironmentStringsA
TlsAlloc
GetCurrentThreadId
IsBadWritePtr
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
SetFilePointer
GetCPInfo
TerminateProcess
VirtualAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
FlushFileBuffers
ReadFile
LocalFree
LocalAlloc
LoadLibraryW
GetVersion
GetCommandLineW
GetComputerNameW
ExitProcess
GetModuleHandleW
GetProcAddress
SetComputerNameW
CreateDirectoryW
lstrcpyW
SetLastError
lstrlenW
GetCurrentProcess
CloseHandle
GetLastError
FormatMessageW
ExpandEnvironmentStringsW
GetFileAttributesW
Sleep
GetLogicalDrives
GetVolumeInformationW
GetDriveTypeW
FindFirstFileW
FindNextFileW
FindClose
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
HeapCreate
HeapFree
HeapAlloc
ResumeThread
CreateThread
TlsSetValue
ExitThread
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
RtlUnwind
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapDestroy

user32

ShowWindow
InflateRect
DialogBoxIndirectParamW
GetNextDlgGroupItem
DefWindowProcW
SetWindowTextW
CreateWindowExW
SendMessageW
MapWindowPoints
CreateDialogParamW
SetWindowPos
IsWindowEnabled
GetNextDlgTabItem
LoadIconW
RegisterClassExW
GetWindowLongW
SetWindowLongW
GetMessageW
wsprintfW
DispatchMessageW
IsDialogMessageW
PostQuitMessage
TranslateMessage
EnableWindow
GetDlgItemTextW
IsDlgButtonChecked
SetFocus
CheckDlgButton
DialogBoxParamW
EndDialog
GetParent
GetWindowRect
MoveWindow
GetDlgItem
LoadCursorW
GetSysColorBrush
GetSysColor
ChildWindowFromPoint
InvalidateRect
SetCursor
MessageBoxW
PostMessageW
SetDlgItemTextW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetStockObject
GetObjectW
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject
GetDeviceCaps

comctl32

ord17

comdlg32

PrintDlgW

advapi32

RegOpenKeyW
RegConnectRegistryW
RegFlushKey
RegSaveKeyW
RegReplaceKeyW
FreeSid
GetLengthSid
AllocateAndInitializeSid
IsValidSid
GetSidIdentifierAuthority
InitiateSystemShutdownW
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueW
RegCreateKeyW
RegEnumValueW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegLoadKeyW
RegUnLoadKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegCloseKey
RegGetKeySecurity
GetNamedSecurityInfoW
InitializeSecurityDescriptor
GetSecurityDescriptorControl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetAclInformation
GetAce
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
GetSecurityDescriptorOwner
SetFileSecurityW
GetSecurityDescriptorGroup

shell32

CommandLineToArgvW
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderW
ShellExecuteW

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

25e90e4411d14c44cd4a1194a1387b99

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

comdlg32

advapi32

shell32

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 116KB - Virtual size: 120KB

.rsrc Size: 36KB - Virtual size: 36KB

.UPX Size: 240KB - Virtual size: 240KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 116KB - Virtual size: 120KB

.rsrc
Size: 36KB - Virtual size: 36KB

.UPX
Size: 240KB - Virtual size: 240KB