266e1c6dc1c3c9b973a31843fc4d800dbe981f37f367bbcacf6d39a8fe58c51f

Sharing

Copy URL Twitter E-mail

General

Target

266e1c6dc1c3c9b973a31843fc4d800dbe981f37f367bbcacf6d39a8fe58c51f
Size

964KB
MD5

53b3250494b93ce086bda194f75e98a5
SHA1

f9eb3a693747d6a22606da1889300fc7029d3831
SHA256

266e1c6dc1c3c9b973a31843fc4d800dbe981f37f367bbcacf6d39a8fe58c51f
SHA512

3839e3de3391029ae1a9d0b8943f1effe634e6978f1fc0285474d43cbe622b3691563a5d3f3ec1fc453420bf30cc928234efa42795983b658b1be320e7cedeb2
SSDEEP

24576:rnu/KmbeOHycHBtaIg7sG0yifb7lJKxirbzzzzzkzzzzz2eYK5aXO5:DkzXtmsG0yiuxirbzzzzzkzzzzz2K8XO

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

266e1c6dc1c3c9b973a31843fc4d800dbe981f37f367bbcacf6d39a8fe58c51f
.exe windows x86

adedfb2e0b2a9bd75acf90b6063f7476

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetWindowsDirectoryA
RemoveDirectoryA
TerminateProcess
CreateProcessA
MoveFileExA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
GetTempFileNameA
ResumeThread
SetThreadPriority
GetDiskFreeSpaceA
GetDriveTypeA
GetLogicalDriveStringsA
GetSystemDirectoryA
MulDiv
GlobalFree
GlobalAlloc
FlushFileBuffers
SetEndOfFile
SetFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetLocaleInfoW
SetStdHandle
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FormatMessageA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetOEMCP
HeapSize
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
CreateThread
ExitThread
HeapReAlloc
RtlUnwind
ExitProcess
CreateDirectoryA
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetPrivateProfileSectionA
HeapFree
CopyFileA
Sleep
GetShortPathNameA
CreateMutexA
ReadFile
FindFirstFileA
GetFullPathNameA
SetLastError
MultiByteToWideChar
FindClose
FindNextFileA
lstrlenW
lstrcmpA
GetTempPathA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersion
LocalFree
GetCommandLineA
GetExitCodeProcess
InterlockedIncrement
OpenProcess
GetModuleHandleA
GetLastError
GetTickCount
OutputDebugStringA
WaitForSingleObject
GetCurrentThreadId
GetModuleFileNameA
GetFileSize
SetFileAttributesA
DeleteFileA
DeviceIoControl
MoveFileA
SetFilePointer
WriteFile
GetFileAttributesA
lstrcpynA
GetLocalTime
GetPrivateProfileStringA
GetPrivateProfileIntA
InterlockedDecrement
GetCurrentProcessId
WideCharToMultiByte
lstrcmpiA
lstrcpyA
lstrlenA
GetProcessHeap
HeapAlloc
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
LoadLibraryA
GetProcAddress
CreateFileA
CloseHandle
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
RaiseException

user32

GetFocus
LoadCursorA
PostQuitMessage
IsWindowEnabled
SetActiveWindow
IsDialogMessageA
SetWindowPos
MapWindowPoints
UnregisterClassA
SetWindowLongA
wsprintfA
ShowWindow
LoadStringA
CharUpperA
DispatchMessageA
TranslateMessage
GetMessageA
GetParent
LoadImageA
EnableMenuItem
GetSystemMenu
GetSystemMetrics
EndPaint
DrawTextExA
FillRect
BeginPaint
UpdateWindow
InvalidateRect
PtInRect
SetCursor
GetPropA
SetPropA
CreateWindowExA
RegisterClassExA
GetClassNameA
GetDlgCtrlID
CallWindowProcA
GetWindowLongA
GetDlgItemTextA
EnumChildWindows
DestroyWindow
ExitWindowsEx
DefWindowProcA
PostMessageA
EndDialog
SetWindowTextA
GetDlgItem
GetWindowThreadProcessId
IsWindowVisible
ReleaseDC
EnumWindows
RedrawWindow
GetWindow
GetWindowRect
SetDlgItemTextA
MoveWindow
PeekMessageA
SendMessageA
FindWindowA
IsWindow
wvsprintfA
CharLowerA
CharNextA
CreateDialogParamA
DialogBoxParamA
MessageBoxA
SetForegroundWindow
GetActiveWindow
SystemParametersInfoA
MsgWaitForMultipleObjects
GetDC
IsDlgButtonChecked
CheckRadioButton
GetWindowTextLengthA
GetWindowTextA
MessageBeep
GetClientRect
EnableWindow
GetCursorPos
LoadBitmapA
ScreenToClient
SetFocus
KillTimer
SetTimer

gdi32

DeleteObject
GetTextExtentPoint32A
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateSolidBrush
SetTextColor
SetBkMode
SetBkColor
CreateFontA
CreatePatternBrush
GetObjectType
GetDeviceCaps
CreateFontIndirectA
CreateCompatibleBitmap

comdlg32

GetSaveFileNameA

advapi32

AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA
FreeSid
RegDeleteKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
RegCreateKeyExA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
EqualSid
GetAce
AdjustTokenPrivileges
RegQueryInfoKeyA
RegGetKeySecurity
GetTokenInformation
RegQueryValueA
GetUserNameA
RegEnumKeyExA
CreateProcessAsUserA
EnumDependentServicesA
ControlService
StartServiceA
DeleteService
CreateServiceA
ChangeServiceConfigA
RegSetKeySecurity
OpenProcessToken
AddAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityA
AllocateAndInitializeSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
LookupPrivilegeValueA

shell32

SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
ShellExecuteExA
SHGetMalloc
SHBrowseForFolderA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeSecurity
OleUninitialize
CoInitialize
CoUninitialize
CoCreateInstance
OleInitialize

oleaut32

VariantClear
VariantInit
VariantCopy
SysFreeString
SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
VarBstrCat
SysAllocString
VarUI4FromStr

shlwapi

PathRemoveFileSpecA
PathFileExistsA
PathSkipRootA

comctl32

ImageList_Create
ImageList_AddMasked
InitCommonControlsEx

rpcrt4

UuidCreate

wininet

HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCrackUrlA
InternetSetOptionA
InternetOpenA
InternetConnectA
InternetAttemptConnect
InternetCloseHandle
HttpAddRequestHeadersA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

inet_addr
htonl
ntohs
socket
WSAGetLastError
connect
closesocket
send
select
recv
htons
WSACleanup
WSAStartup
ioctlsocket

Sections

.text
Size: 448KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

adedfb2e0b2a9bd75acf90b6063f7476

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

rpcrt4

wininet

version

wsock32

Sections

.text Size: 448KB - Virtual size: 444KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 196KB - Virtual size: 193KB

.UPX Size: 240KB - Virtual size: 240KB

.text
Size: 448KB - Virtual size: 444KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 196KB - Virtual size: 193KB

.UPX
Size: 240KB - Virtual size: 240KB