353b0b2670a10c1e130ecb4ca03eedbf3d68e566a0fcf4589508bbd63f963962

Sharing

Copy URL

Twitter E-mail

General

Target

353b0b2670a10c1e130ecb4ca03eedbf3d68e566a0fcf4589508bbd63f963962
Size

1.2MB
MD5

30f3c0cdba43cd7c0dbf9f3bbda2a1f9
SHA1

0fe1b10eddb15d5fb55dbe7c071d031828893d1e
SHA256

353b0b2670a10c1e130ecb4ca03eedbf3d68e566a0fcf4589508bbd63f963962
SHA512

3844fcbc8e6a80da32c88b62bd7d87f061336f745a917e49105b6127636e5e1156d16e268304c36eddadc74b9b544fdb7efe19e0479da0634093df647354ed6e
SSDEEP

24576:ayXJF9PxP9SCj3PGL3j3eRjkWmKp7Ajjl:aMJF5xQCj3PQ37eRWKp7Afl

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

353b0b2670a10c1e130ecb4ca03eedbf3d68e566a0fcf4589508bbd63f963962
.exe windows x86

9585f30971ed0e60cc41366c31514fe5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
WaitForSingleObject
Sleep
ResumeThread
GetTickCount
DeleteFileA
SetFileAttributesA
InterlockedDecrement
MultiByteToWideChar
lstrlenA
GetFileAttributesA
GetFullPathNameA
SetLastError
GetModuleFileNameA
GetCurrentDirectoryA
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThreadId
FindClose
FindNextFileA
FindFirstFileA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
GetCurrentProcess
GetProcAddress
GetTempPathA
CopyFileA
GetTempFileNameA
LockResource
LoadResource
FindResourceExA
SizeofResource
FindResourceA
GetCommandLineA
TerminateProcess
CloseHandle
CreateProcessA
GetStartupInfoA
SetFilePointer
GetFileType
DuplicateHandle
CreateFileA
ReadFile
SystemTimeToFileTime
WriteFile
FileTimeToSystemTime
FileTimeToDosDateTime
GetFileSize
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetLocalTime
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
GetVersionExA
LocalFree
FormatMessageA
GetSystemDefaultLangID
GetUserDefaultLangID
WideCharToMultiByte
GetEnvironmentVariableA
GetShortPathNameA
GetSystemDirectoryA
GetLocaleInfoA
GetDriveTypeA
MoveFileA
CompareFileTime
GetFileTime
OpenFile
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcmpA
HeapAlloc
HeapFree
GlobalFree
GlobalAlloc
GetExitCodeProcess
FlushFileBuffers
lstrcatA
CreateThread
CreateMutexA
OpenMutexA
CreateEventA
SetEvent
LocalAlloc
InterlockedExchange
RaiseException
lstrlenW
GlobalUnlock
GlobalLock
lstrcpyA
GlobalFindAtomA
lstrcmpiA
GlobalGetAtomNameA
GetVersion
InterlockedIncrement
SetThreadPriority
SuspendThread
lstrcpynA
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
MulDiv
GetThreadLocale
FileTimeToLocalFileTime
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetCurrentThread
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
IsBadReadPtr
GetTimeZoneInformation
GetSystemTime
ExitProcess
ExitThread
SetStdHandle
GetACP
HeapReAlloc
HeapSize
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
SetUnhandledExceptionFilter
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA

oledlg

ord8

ole32

CoInitialize
OleRun
CoCreateGuid
CoUninitialize
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance

olepro32

ord253

oleaut32

GetErrorInfo
SysStringLen
SysAllocStringByteLen
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantTimeToSystemTime
SysAllocStringLen
SysAllocString
VariantChangeType
VariantInit
SysFreeString
VariantClear

wininet

InternetGetLastResponseInfoA
HttpQueryInfoA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetSetOptionExA
InternetCloseHandle
InternetGetConnectedState
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetOpenA

Sections

.text
Size: 460KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9585f30971ed0e60cc41366c31514fe5

Headers

File Characteristics

Imports

kernel32

oledlg

ole32

olepro32

oleaut32

wininet

Sections

.text Size: 460KB - Virtual size: 458KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 56KB - Virtual size: 135KB

.rsrc Size: 504KB - Virtual size: 503KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 460KB - Virtual size: 458KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 56KB - Virtual size: 135KB

.rsrc
Size: 504KB - Virtual size: 503KB

.UPX0
Size: 104KB - Virtual size: 252KB