f1b5dde615c39dd895bb284d8820e743250595416dc6b61ea78fb86805c6d2ff

Sharing

Copy URL Twitter E-mail

General

Target

f1b5dde615c39dd895bb284d8820e743250595416dc6b61ea78fb86805c6d2ff
Size

193KB
MD5

56ceedad472383d4594fe8189d30ca61
SHA1

12608735313ed47284c2df322c1b6085705d836f
SHA256

f1b5dde615c39dd895bb284d8820e743250595416dc6b61ea78fb86805c6d2ff
SHA512

a81b7cf643d6f62098c51f9b178ba4e9b4fd44589535158574f86f960d1d7c37fb9683356f530280ab8a8bdd832917cf7f6b6d6d4f1907ef4ffe098d08978a20
SSDEEP

6144:qVvI3JdQSdIEcdO0cs78qd2VVAta/Mn6SAHmA:ovI3JdldIUSiIv6bmA

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

f1b5dde615c39dd895bb284d8820e743250595416dc6b61ea78fb86805c6d2ff
.exe windows x86

2b5035a5e97eac568991276b2730e837

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcschr
_iob
??3@YAXPAX@Z
??2@YAPAXI@Z
_wcsdup
free
_wcsicmp
_wtoi64
_CxxThrowException
_errno
_get_osfhandle
_fileno
_vsnwprintf
wcstod
wcstoul
wcstol
fflush
fprintf
wcstok
strtok
wcsstr
?terminate@@YAXXZ
__CxxFrameHandler
_controlfp
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit

advapi32

RegConnectRegistryW
OpenSCManagerW
EnumServicesStatusExW
CloseServiceHandle
LookupAccountSidW
RegCloseKey
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

kernel32

GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
HeapAlloc
lstrlenA
GetFileType
GetConsoleMode
VerSetConditionMask
VerifyVersionInfoW
HeapSize
ReadConsoleW
ReadFile
SetConsoleMode
HeapFree
HeapReAlloc
ExitProcess
GetConsoleOutputCP
GetTimeFormatW
GetComputerNameExW
FileTimeToSystemTime
GetModuleFileNameW
CompareStringW
CloseHandle
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetLocaleInfoW
SetLastError
GetNumberFormatW
OpenProcess
InterlockedDecrement
LoadLibraryExW
GetLastError
lstrcpynW
GetCurrentThreadId
InterlockedIncrement
LocalAlloc
lstrlenW
FormatMessageW
WriteConsoleW
GetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree

ntdll

RtlLargeIntegerToChar
RtlTimeToElapsedTimeFields

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

user32

CharUpperW
LoadStringW
wsprintfW
EnumWindowStationsW
GetProcessWindowStation
OpenWindowStationW
CloseWindowStation
SetProcessWindowStation
GetWindowTextW
EnumDesktopsW
GetThreadDesktop
OpenDesktopW
SetThreadDesktop
CloseDesktop
EnumWindows
GetWindowThreadProcessId
GetWindowLongW
GetWindow
IsHungAppWindow
FindWindowExW

mpr

WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

SysAllocStringByteLen
VariantChangeType
VariantCopy
VariantInit
SysStringLen
SysFreeString
SysAllocString
VariantClear

secur32

GetUserNameExW

ws2_32

WSACleanup
gethostbyaddr
inet_addr
WSAGetLastError
WSAStartup

framedyn

??0CHString@@QAE@XZ
?GetData@CHString@@IBEPAUCHStringData@@XZ
?ReleaseBuffer@CHString@@QAEXH@Z
?Mid@CHString@@QBE?AV1@HH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?Empty@CHString@@QAEXXZ
??1CHString@@QAE@XZ
?Compare@CHString@@QBEHPBG@Z
?Mid@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHPBG@Z
??4CHString@@QAEABV0@PBG@Z
??YCHString@@QAEABV0@ABV0@@Z
?GetBuffer@CHString@@QAEPAGH@Z
??4CHString@@QAEABV0@PBD@Z
?Left@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@ABV0@@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Format@CHString@@QAAXPBGZZ

netapi32

NetApiBufferFree
NetServerGetInfo

dbghelp

EnumerateLoadedModules

shlwapi

StrChrW
StrChrIW
StrStrW
StrStrIW
PathAppendW

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2b5035a5e97eac568991276b2730e837

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

ntdll

version

user32

mpr

ole32

oleaut32

secur32

ws2_32

framedyn

netapi32

dbghelp

shlwapi

Sections

.text Size: 70KB - Virtual size: 70KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 13KB - Virtual size: 13KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 70KB - Virtual size: 70KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 13KB - Virtual size: 13KB

.UPX0
Size: 108KB - Virtual size: 260KB