95d01b4f55b27aaf13c7242122eb07d9d6c89dd2aa89d5e80003022c2d4d8222

Sharing

Copy URL

Twitter E-mail

General

Target

95d01b4f55b27aaf13c7242122eb07d9d6c89dd2aa89d5e80003022c2d4d8222
Size

236KB
MD5

2190a273f6280fbd9249ad363179b5e7
SHA1

2e46a2048f6b2fbd18f9bdb13318b7d6f26a4462
SHA256

95d01b4f55b27aaf13c7242122eb07d9d6c89dd2aa89d5e80003022c2d4d8222
SHA512

d25b2b97e95aa8f17d7ebf002d33c7db7fec1ea1bcc9b136ed750bb59121df744f7e14bf0b4a849291a75b9713ea80af2c1f211bb17acf914f1a2325fe563d47
SSDEEP

6144:gyRHNoesDk/OyZgnMyjQyxxvgvWljdiJAu1dLu6s:PHNoesDQZgnMaTvSijkJAu/Zs

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

95d01b4f55b27aaf13c7242122eb07d9d6c89dd2aa89d5e80003022c2d4d8222
.exe windows x86

4bf9e034c212265ba4a3c7c8dc046989

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp71

?rend@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$reverse_iterator@Viterator@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@XZ
?rbegin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$reverse_iterator@Viterator@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@2@XZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@V312@0@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
?close@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??_D?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
?fail@ios_base@std@@QBE_NXZ
?endl@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@AAV21@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
?open@?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXPBDHH@Z
?close@?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??_D?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??Bios_base@std@@QBEPAXXZ
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHABV12@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHPBG@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?to_int_type@?$char_traits@G@std@@SAGABG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?eof@?$char_traits@G@std@@SAGXZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?to_char_type@?$char_traits@G@std@@SAGABG@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?good@ios_base@std@@QBE_NXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEXXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ

mfc71u

ord566
ord1197
ord6133
ord6172
ord777
ord2121
ord3927
ord1235
ord2271
ord2749
ord2461
ord1236
ord4074
ord290
ord1058
ord1472
ord6111
ord2926
ord282
ord2895
ord1479
ord280
ord774
ord776
ord2311
ord293
ord4026
ord2310
ord287
ord870
ord577
ord283
ord2460
ord5398
ord757
ord3824
ord386
ord2279
ord631
ord2239
ord1079
ord764
ord1178
ord1182

msvcr71

_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
__p___winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
memset
_callnewh
_vsnwprintf
_wcslwr
wcscmp
_access
_except_handler3
_mktime64
_localtime64
__CxxFrameHandler
wcsftime
free
??0exception@@QAE@ABV0@@Z
_wcsicmp
wprintf
memmove
wcscpy
swprintf
malloc
tolower
_wtoi
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_time64
_CxxThrowException

kernel32

GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetComputerNameW
GetLastError
SetLastError
MultiByteToWideChar
lstrlenA
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
ResetEvent
MoveFileExW
GetComputerNameA
FindClose
FindFirstFileW
GetFileAttributesW
CreateEventW
SetConsoleCtrlHandler
GetStdHandle
GetConsoleWindow
GetCommandLineW
GetSystemDefaultLangID
lstrcpynW
ExitProcess
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
lstrcatW
lstrcpyW
LoadLibraryW
FreeLibrary
GetProcAddress
WideCharToMultiByte
GetModuleHandleW
GetVersion
Sleep
SetEvent
SetThreadPriority
CreateThread
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
FormatMessageW
FindNextFileW
CreateDirectoryW
GetVersionExA

user32

SetTimer
TranslateMessage
LoadIconW
PostQuitMessage
KillTimer
GetMessageW
SendMessageW
DispatchMessageW

advapi32

StartServiceW
DeleteService
ControlService
CreateServiceW
CloseServiceHandle
SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegCreateKeyExW
RegSetValueExW
RegCloseKey
ChangeServiceConfig2W

shell32

SHFileOperationW

shlwapi

PathFileExistsW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

ws2_32

WSAGetLastError
WSAStartup
WSACleanup
accept
listen
bind
htonl
socket
inet_ntoa
gethostbyname
gethostname
closesocket
send
recv
getsockname
htons

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4bf9e034c212265ba4a3c7c8dc046989

Headers

File Characteristics

Imports

msvcp71

mfc71u

msvcr71

kernel32

user32

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

Sections

.text Size: 92KB - Virtual size: 90KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 2KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 2KB

.UPX0
Size: 108KB - Virtual size: 260KB