fd60389088fe41dde202ca3bf669dd78136dd36f76bb0d639e9854ebb2ba15bd

Sharing

Copy URL

Twitter E-mail

General

Target

fd60389088fe41dde202ca3bf669dd78136dd36f76bb0d639e9854ebb2ba15bd
Size

279KB
MD5

66f9b640ea91b922a33314d5aacf260f
SHA1

9c61d78e0297cdb16303ef33d0af6419d568e104
SHA256

fd60389088fe41dde202ca3bf669dd78136dd36f76bb0d639e9854ebb2ba15bd
SHA512

0d68888722a3553785aa86f73464ed5bec38cf14f1144ab1bbba3d19b783b61acefabca45e529e313c0625ca1c4ca820ff443773de74d8a2d46d6b8f61d5abbb
SSDEEP

6144:mRrKyOt1vfBnuCWbS08r7bKPhsA+g59LfUTa52:6eyW9m9G7bKarw9LsF

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

fd60389088fe41dde202ca3bf669dd78136dd36f76bb0d639e9854ebb2ba15bd
.exe windows x86

7091339d380764a8396e291557863f4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime
timeSetEvent

user32

UnregisterClassA
ReleaseCapture
GetWindowLongA
GetDlgItem
FindWindowA
SetWindowTextA
DestroyWindow
SetParent
ReleaseDC
EndPaint
DefWindowProcA
SetFocus
KillTimer
EqualRect
DestroyAcceleratorTable
RedrawWindow
PostThreadMessageA
ShowWindow
GetSysColor
CreateDialogParamA
GetClientRect
PostMessageA
GetClassInfoExA
SetTimer
SetWindowLongA
CopyRect
wsprintfA
FillRect
IsChild
SendNotifyMessageA
GetParent
CreateAcceleratorTableA
DrawTextA
LoadCursorA
BeginPaint
GetWindowRect
SetRect
CreateWindowExA
GetWindowTextA
GetWindowTextLengthA
SetCapture
MoveWindow
DispatchMessageA
EnumDisplayDevicesA
PeekMessageA
GetDC
CharNextA
RegisterWindowMessageA
CallWindowProcA
SendMessageTimeoutA
GetActiveWindow
GetWindow
InvalidateRgn
GetFocus
IsWindow
InvalidateRect
GetQueueStatus
GetDesktopWindow
GetClassNameA
SendMessageA
wvsprintfA
RegisterClassExA
MsgWaitForMultipleObjects
SetWindowPos

shlwapi

PathFileExistsW
PathCombineW

ole32

BindMoniker
CoUninitialize
OleLockRunning
CreateItemMoniker
StringFromGUID2
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoGetClassObject
OleInitialize
OleUninitialize
CLSIDFromProgID
StgCreateDocfile
CoTaskMemRealloc
StgOpenStorage
GetRunningObjectTable
CoTaskMemFree
StgIsStorageFile
CoInitializeSecurity
CreateBindCtx
CoSetProxyBlanket
CLSIDFromString

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptCreateHash
RegQueryInfoKeyA
CryptImportKey
RegSetValueExA
RegCloseKey
CryptEncrypt
RegQueryValueExA
RegEnumValueA
CryptHashData
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
CryptDestroyKey
CryptDestroyHash
CryptGetHashParam
RegCreateKeyExA
RegDeleteKeyA

kernel32

WideCharToMultiByte
GetShortPathNameW
SetFilePointer
GlobalAlloc
CreateFileW
GlobalFree
ReadFile
DisableThreadLibraryCalls
GetProcessId
Sleep
UnmapViewOfFile
LocalAlloc
CreateFileMappingA
EnumResourceTypesA
GetFileAttributesA
GetFileSize
LocalFree
CreateFileA
GetTickCount
WriteFile
MapViewOfFile
GlobalSize
CloseHandle

gdiplus

GdipDisposeImage
GdipFree
GdipCreateBitmapFromFileICM
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipAlloc
GdipCloneImage

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
VerQueryValueA

gdi32

CreateSolidBrush
StretchDIBits
ExtEscape
GetDeviceCaps
DeleteDC
GetDIBits
SetStretchBltMode
CreateFontA
CreateCompatibleDC
SelectPalette
CreateCompatibleBitmap
RealizePalette
GetObjectA
CreateDIBSection
CreateDIBitmap
GetStockObject
DeleteObject
BitBlt
SelectObject
SetBkMode

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7091339d380764a8396e291557863f4f

Headers

File Characteristics

Imports

winmm

user32

shlwapi

ole32

advapi32

kernel32

gdiplus

wininet

setupapi

shell32

version

gdi32

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 5KB - Virtual size: 4KB

.bss Size: 69KB - Virtual size: 68KB

.tls Size: 1024B - Virtual size: 92KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 5KB - Virtual size: 4KB

.bss
Size: 69KB - Virtual size: 68KB

.tls
Size: 1024B - Virtual size: 92KB

.UPX0
Size: 104KB - Virtual size: 252KB