95bdae2d3ae5486bc89db587963b84a04ee0a90c44631c55461f65d4c0f33024

Sharing

Copy URL Twitter E-mail

General

Target

95bdae2d3ae5486bc89db587963b84a04ee0a90c44631c55461f65d4c0f33024
Size

147KB
MD5

60232e009b075486b146a4b225652dff
SHA1

3092fc076ac0d17bab9c35173aa120e4bdc4ff4b
SHA256

95bdae2d3ae5486bc89db587963b84a04ee0a90c44631c55461f65d4c0f33024
SHA512

6ffca48d88e0e171fde7ce503000518d5a8b385b46458506b4ecc8174c3901a62076f027fa76f5aec18c26f8dd53d3c2ddb98c5696c92c7f8804271d6ce95143
SSDEEP

3072:JSbLfM9DUddf8TuaxNgiBSk54U1ixYsoADVCiuL2Dy6eCDN/g33uO8e4dD:cbLfM9qfWt/PHSCi9DyQpjxdD

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

95bdae2d3ae5486bc89db587963b84a04ee0a90c44631c55461f65d4c0f33024
.exe windows x86

f8984e30c1766647d450ef0c7cf5f665

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_ultoa
_ultow
malloc
iswcntrl
_itoa
_i64tow
_itow
strtoul
isxdigit
wcslen
realloc
memmove
free
??2@YAPAXI@Z
_wcsicmp
_controlfp
_onexit
??3@YAXPAX@Z
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_except_handler3
_XcptFilter
_exit
_c_exit
wcschr
wcsncpy
wcscmp
printf
_local_unwind2
wcscpy
wcscat
_beginthreadex
__dllonexit
_cexit

advapi32

RegCloseKey
OpenThreadToken
GetTokenInformation
RegNotifyChangeKeyValue
RegOpenKeyA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
FreeSid
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
SetServiceStatus
RegSetValueExA
ReportEventW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegQueryValueExA

kernel32

LocalFree
LoadLibraryExA
FormatMessageW
GetCurrentThread
MultiByteToWideChar
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSection
GetLastError
CreateEventA
GetModuleFileNameA
HeapFree
HeapAlloc
GetProcessHeap
WaitForMultipleObjects
SetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
WaitForSingleObject
CloseHandle
GetEnvironmentVariableW
SetConsoleCtrlHandler
lstrcmpiA
CreateEventW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalAlloc

wldap32

ord208
ord73
ord13
ord133
ord140
ord40
ord41
ord18
ord10
ord194
ord26
ord14
ord79
ord224
ord27
ord142
ord145
ord147

rpcrt4

NdrServerCall2
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcServerUseProtseqEpExA
RpcServerRegisterIf
RpcServerRegisterAuthInfoA
RpcServerListen

ntdll

DbgPrint
_vsnwprintf
RtlConvertSidToUnicodeString
RtlLargeIntegerToChar
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteCriticalSection
RtlAcquireResourceExclusive
RtlInitializeCriticalSection
RtlDeleteResource
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitializeResource

netapi32

NetAlertRaiseEx

cryptdll

MD5Final
MD5Update
MD5Init

Exports

Exports

DebPrint
DebugTest
DoAssert
DoLogEvent
DoLogEventAndTrace
DoLogOverride
DoLogUnhandledError
DsGetEventConfig

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f8984e30c1766647d450ef0c7cf5f665

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

wldap32

rpcrt4

ntdll

netapi32

cryptdll

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 1KB

.tls Size: 512B - Virtual size: 29B

.rsrc Size: 1KB - Virtual size: 1KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 29B

.rsrc
Size: 1KB - Virtual size: 1KB

.UPX0
Size: 108KB - Virtual size: 260KB