c29ec9ef2f8e3640b4c912f48aaeb597cb2f8b11311102184f3072c5767bfe9f

Sharing

Copy URL Twitter E-mail

General

Target

c29ec9ef2f8e3640b4c912f48aaeb597cb2f8b11311102184f3072c5767bfe9f
Size

234KB
MD5

5494b7360c7041f431041607fca2de82
SHA1

63465326da2462b4fa901002c7b2153d6860d7ba
SHA256

c29ec9ef2f8e3640b4c912f48aaeb597cb2f8b11311102184f3072c5767bfe9f
SHA512

d8b54bc5c8807d632b67125c4b88d8616c33fb21035cf9befafa02accbcbf2f985c01fa17dcff2bb0dd3c97ed0dce69ded90e2e1d773d7814b07e3989544c7e9
SSDEEP

3072:2KGY+KhU2uph7h8Q3yRqMf/JgqJCMWcZmxWzDs1v7307aqJOkFryBdRJAz+e:byh8Q3CfxjJCnWzI1L07aq7rkk

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

c29ec9ef2f8e3640b4c912f48aaeb597cb2f8b11311102184f3072c5767bfe9f
.exe windows x86

940bd29b3716610f036cdc46834cb966

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fflush
fputws
_vsnwprintf
swprintf
wcschr
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_wfopen
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
wcsncpy
_wcsicmp
wcslen
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
??3@YAXPAX@Z
_wsplitpath
time
mktime
__CxxFrameHandler
??2@YAPAXI@Z
fclose
_CxxThrowException
wcscmp
__wgetmainargs
_controlfp
_close
_write
_wopen
vswprintf
_beginthreadex
_purecall
_endthreadex
realloc
free
malloc

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

advapi32

SetSecurityDescriptorGroup
LsaStorePrivateData
LsaRetrievePrivateData
LsaNtStatusToWinError
LsaFreeMemory
LsaOpenPolicy
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
LogonUserW
CryptAcquireContextW
CryptGetHashParam
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptReleaseContext
CryptGenRandom
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
RegNotifyChangeKeyValue
GetAclInformation
GetAce
AddAce
GetTokenInformation
SetSecurityDescriptorOwner
CopySid
RegEnumValueW
RegQueryInfoKeyW
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegSetValueExW
RegDeleteValueW
RegCloseKey
LookupAccountSidW
ConvertStringSidToSidW
IsValidSid
LookupAccountNameW
LsaClose
LsaRemoveAccountRights
LsaAddAccountRights
EqualSid
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegCreateKeyW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ChangeServiceConfigW
ChangeServiceConfig2W
CreateServiceW
DeleteService
ControlService
SetServiceStatus
RegDeleteKeyW

kernel32

SetEvent
WaitForSingleObject
Sleep
WaitForMultipleObjects
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
lstrlenA
lstrcatW
SizeofResource
CreateEventW
FindResourceW
LoadLibraryExW
GetShortPathNameW
GetWindowsDirectoryW
GetCommandLineW
VerifyVersionInfoW
VerSetConditionMask
GetModuleHandleA
GetStartupInfoW
lstrcpynW
LoadResource
ExitThread
LoadLibraryA
GetComputerNameExW
CreateThread
OutputDebugStringA
ReleaseMutex
CreateMutexW
lstrcmpiW
SetLastError
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
LocalFree
LocalAlloc
GetLastError
CloseHandle
UnregisterWait
InterlockedDecrement
RegisterWaitForSingleObject
OpenProcess
InterlockedIncrement
FileTimeToSystemTime
InterlockedExchange
lstrlenW
lstrcpyW
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetComputerNameW
GetSystemTimeAsFileTime
OutputDebugStringW
GetModuleFileNameW
ResetEvent

user32

LoadStringW
PostThreadMessageW
wsprintfW
GetMessageW
DispatchMessageW
CharNextW
wsprintfA

mstlsapi

ord29
ord35
ord31
ord38

netapi32

NetApiBufferFree
NetUserSetInfo
NetUserGetInfo
NetUserAdd
NetUserDel

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetVartype
SafeArrayGetDim
LoadRegTypeLi
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysAllocString

ole32

CoUninitialize
CoRevertToSelf
CoImpersonateClient
CoCreateInstance
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree
CoInitialize

ntdll

wcscat
wcscpy
_wtoi

crypt32

CryptBinaryToStringW

ws2_32

getsockname
htonl
socket
setsockopt
bind
closesocket
select
recvfrom
WSAGetLastError
sendto
htons
ntohs
inet_addr
WSAStartup
WSACleanup
inet_ntoa

winmm

timeGetTime

iphlpapi

GetIpAddrTable
GetAdaptersInfo

regapi

RegIsMachinePolicyAllowHelp
RegWinStationQuerySecurityW

winsta

WinStationSetInformationW
WinStationQueryInformationW
WinStationReset

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

940bd29b3716610f036cdc46834cb966

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

msvcp60

advapi32

kernel32

user32

mstlsapi

netapi32

rpcrt4

oleaut32

ole32

ntdll

crypt32

ws2_32

winmm

iphlpapi

regapi

winsta

Sections

.text Size: 108KB - Virtual size: 108KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 15KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 108KB - Virtual size: 108KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 15KB

.UPX0
Size: 108KB - Virtual size: 260KB