c1e5766c7517d9a529b0dadf44962fd68927c3d80c69d31dc819792ae12261f9

Sharing

Copy URL Twitter E-mail

General

Target

c1e5766c7517d9a529b0dadf44962fd68927c3d80c69d31dc819792ae12261f9
Size

427KB
MD5

6ae5f941e6038052f1a8b27de0a0ab60
SHA1

8644a2120ff547b69e643a79b81a859eba16da2d
SHA256

c1e5766c7517d9a529b0dadf44962fd68927c3d80c69d31dc819792ae12261f9
SHA512

23c22901416c0d73051eb5f0c0d80bbd1c538a053b5c5806b8e72353dadb8f9157216f304386b900f3d6a6bc4934031fed334e345f26c3c6320c315d96d0ff01
SSDEEP

12288:1iby+08JDDErYvkvP4BFEiM6++OBlYER:Q1hD3vCP49e7YE

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

c1e5766c7517d9a529b0dadf44962fd68927c3d80c69d31dc819792ae12261f9
.exe windows x86

0c11493700f9ecbf8c1d31a0c63d00cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
CreateMutexW
Sleep
OpenMutexW
GetCurrentThreadId
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SetLastError
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
CreateFileA
GetLocaleInfoW
RaiseException
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
SetFilePointer
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetModuleFileNameA
LoadLibraryW
ReadProcessMemory
GlobalAlloc
GlobalFree
VirtualFreeEx
CloseHandle
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetVersionExW
MultiByteToWideChar
FreeResource
FindResourceExW
FindResourceW
LoadResource
LockResource
WriteConsoleW
SizeofResource
WriteFile
ExitProcess
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetStartupInfoW
InterlockedExchange
WideCharToMultiByte

user32

IsRectEmpty
PtInRect
SetRect
EqualRect
GetWindowRect
ScreenToClient
GetDC
SendMessageW
SetTimer
SetParent
SetWindowPos
SetWindowLongW
GetWindowLongW
FindWindowExW
EnumWindows
PostQuitMessage
LoadImageW
SetCursor
UnregisterClassA
DefWindowProcW
GetActiveWindow
DialogBoxParamW
DestroyWindow
ShowWindow
GetSystemMetrics
GetCursorPos
GetWindowThreadProcessId
CharNextW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal
CoInitialize

shell32

ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsW
StrStrW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdi32

CreateCompatibleDC
SelectObject
SetViewportOrgEx
CreateCompatibleBitmap
DeleteObject
DeleteDC
BitBlt

gdiplus

GdipGetImageWidth
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDrawImageRectI
GdipReleaseDC
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageHeight
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM

wininet

HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetAttemptConnect
InternetCloseHandle
InternetOpenW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 241KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c11493700f9ecbf8c1d31a0c63d00cd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

comctl32

gdi32

gdiplus

wininet

Sections

.text Size: 114KB - Virtual size: 114KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 37KB - Virtual size: 37KB

.UPX Size: 241KB - Virtual size: 244KB

.text
Size: 114KB - Virtual size: 114KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 37KB - Virtual size: 37KB

.UPX
Size: 241KB - Virtual size: 244KB