66ac2607dbdf5ec451dba6462e22583876c77ac4f31062acb143d83bf41df06d

Sharing

Copy URL

Twitter E-mail

General

Target

66ac2607dbdf5ec451dba6462e22583876c77ac4f31062acb143d83bf41df06d
Size

343KB
MD5

78cd714d8a1b55e2438e37b64f711860
SHA1

2868ca357c12ae164f36842bcf2a49f8a0e5ab98
SHA256

66ac2607dbdf5ec451dba6462e22583876c77ac4f31062acb143d83bf41df06d
SHA512

c53d0364f68ada0f88d2c9b1bbe8addd5836b4bb81ca1a8a6e150f324e3291817e138d2d1a1203dc147cffde5e0f70df960759ce2dd5e5089a939f29de334391
SSDEEP

6144:ozb3wQIVETseubZ48Rek00IHersvgIKUO1wmfr7n9mL/tn4tTLOhn:KzpTBD8RekRI+gvjoXfrEt4tT

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

66ac2607dbdf5ec451dba6462e22583876c77ac4f31062acb143d83bf41df06d
.exe windows x86

cfe71626d9a494294a880d2b0eefe25b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetVersionExW
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte

mingwm10

__mingwthr_key_dtor

msvcrt

_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
_snwprintf
abort
atexit
exit
fclose
fopen
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
localeconv
malloc
memchr
memmove
rand
realloc
signal
sprintf
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strstr
strtol
wcschr
wcslen

shell32

SHGetFolderPathA

libgcc_s_dw2-1

_Unwind_DeleteException
_Unwind_GetDataRelBase
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__deregister_frame_info
__emutls_get_address
__register_frame_info
__udivdi3
__umoddi3

qtcore4

_Z5qFreePv
_Z5qrandv
_Z6qDebugPKcz
_Z6qsrandj
_ZN10QByteArray7reallocEi
_ZN10QByteArrayC1EPKc
_ZN10QTextCodec12codecForNameERK10QByteArray
_ZN10QTextCodec17setCodecForLocaleEPS_
_ZN10QTextCodec4cftrE
_ZN14QReadWriteLock11lockForReadEv
_ZN14QReadWriteLock12lockForWriteEv
_ZN14QReadWriteLock6unlockEv
_ZN14QReadWriteLockC1Ev
_ZN14QReadWriteLockD1Ev
_ZN16QCoreApplication18applicationDirPathEv
_ZN16QCoreApplication4execEv
_ZN16QCoreApplication9argumentsEv
_ZN16QCoreApplicationC1ERiPPc
_ZN16QCoreApplicationD1Ev
_ZN4QDir8homePathEv
_ZN4QDirC1ERK7QString
_ZN4QDirD1Ev
_ZN5QCharC1Ec
_ZN5QFile11permissionsERK7QString
_ZN5QFile11setFileNameERK7QString
_ZN5QFile14setPermissionsERK7QString6QFlagsINS_10PermissionEE
_ZN5QFile4copyERK7QStringS2_
_ZN5QFile4linkERK7QStringS2_
_ZN5QFile4openE6QFlagsIN9QIODevice12OpenModeFlagEE
_ZN5QFile5closeEv
_ZN5QFile5flushEv
_ZN5QFile6existsERK7QString
_ZN5QFile6removeERK7QString
_ZN5QFile6renameERK7QStringS2_
_ZN5QFileC1Ev
_ZN5QFileD1Ev
_ZN5QTime11currentTimeEv
_ZN5QTimeC1Eiiii
_ZN7QObject10childEventEP11QChildEvent
_ZN7QObject10startTimerEi
_ZN7QObject11customEventEP6QEvent
_ZN7QObject11eventFilterEPS_P6QEvent
_ZN7QObject11qt_metacallEN11QMetaObject4CallEiPPv
_ZN7QObject11qt_metacastEPKc
_ZN7QObject13connectNotifyEPKc
_ZN7QObject16disconnectNotifyEPKc
_ZN7QObject16staticMetaObjectE
_ZN7QObject5eventEP6QEvent
_ZN7QObject7connectEPKS_PKcS1_S3_N2Qt14ConnectionTypeE
_ZN7QObjectC2EPS_
_ZN7QObjectD2Ev
_ZN7QString11shared_nullE
_ZN7QString13fromLocal8BitEPKci
_ZN7QString14fromWCharArrayEPKwi
_ZN7QString16codecForCStringsE
_ZN7QString16fromAscii_helperEPKci
_ZN7QString4freeEPNS_4DataE
_ZN7QString4growEi
_ZN7QString6appendERKS_
_ZN7QString7reallocEi
_ZN7QString7replaceE5QCharRKS_N2Qt15CaseSensitivityE
_ZN7QString7replaceERKS_S1_N2Qt15CaseSensitivityE
_ZN7QString7sprintfEPKcz
_ZN7QString8fromUtf8EPKci
_ZN7QString9fromAsciiEPKci
_ZN7QStringaSERKS_
_ZN8QProcess13startDetachedERK7QString
_ZN8QProcess7executeERK7QString
_ZN8QVariantC1EPKc
_ZN8QVariantC1ERK7QString
_ZN8QVariantC1Ei
_ZN8QVariantC1EiPKvj
_ZN8QVariantC1Ej
_ZN8QVariantC1Ex
_ZN8QVariantD1Ev
_ZN8QVariantaSERKS_
_ZN9QDateTime10fromStringERK7QStringS2_
_ZN9QDateTime10fromTime_tEj
_ZN9QDateTime15currentDateTimeEv
_ZN9QDateTimeD1Ev
_ZN9QFileInfo7setFileERK7QString
_ZN9QFileInfoC1ERK7QString
_ZN9QFileInfoC1ERKS_
_ZN9QFileInfoC1Ev
_ZN9QFileInfoD1Ev
_ZN9QFileInfoaSERKS_
_ZN9QIODevice5writeEPKc
_ZN9QListData11shared_nullE
_ZN9QListData6appendEv
_ZN9QListData7detach3Ev
_ZNK10QTextCodec9toUnicodeEPKc
_ZNK4QDir13entryInfoListE6QFlagsINS_6FilterEES0_INS_8SortFlagEE
_ZNK4QDir5mkdirERK7QString
_ZNK4QDir6existsEv
_ZNK4QDir6mkpathERK7QString
_ZNK4QDir9entryListE6QFlagsINS_6FilterEES0_INS_8SortFlagEE
_ZNK5QFile4sizeEv
_ZNK5QTime6secsToERKS_
_ZNK7QString11lastIndexOfERKS_iN2Qt15CaseSensitivityE
_ZNK7QString11toLocal8BitEv
_ZNK7QString12toWCharArrayEPw
_ZNK7QString4leftEi
_ZNK7QString5toIntEPbi
_ZNK7QString6toUIntEPbi
_ZNK7QString6toUtf8Ev
_ZNK7QString7toAsciiEv
_ZNK7QString8endsWithERK5QCharN2Qt15CaseSensitivityE
_ZNK7QString8endsWithERKS_N2Qt15CaseSensitivityE
_ZNK7QStringeqERK13QLatin1String
_ZNK7QStringeqERKS_
_ZNK8QVariant5toIntEPb
_ZNK8QVariant6isNullEv
_ZNK8QVariant6toBoolEv
_ZNK8QVariant6toUIntEPb
_ZNK8QVariant8toStringEv
_ZNK9QDateTime8toStringERK7QString
_ZNK9QDateTime8toTime_tEv
_ZNK9QFileInfo5isDirEv
_ZNK9QFileInfo6existsEv
_ZNK9QFileInfo8fileNameEv
_ZNK9QFileInfo8readLinkEv
_ZNK9QFileInfo9isSymLinkEv

qtnetwork4

_ZN12QLocalServer6listenERK7QString
_ZN12QLocalServerC1EP7QObject

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfe71626d9a494294a880d2b0eefe25b

Headers

File Characteristics

Imports

kernel32

mingwm10

msvcrt

shell32

libgcc_s_dw2-1

qtcore4

qtnetwork4

Sections

.text Size: 175KB - Virtual size: 175KB

.data Size: 33KB - Virtual size: 33KB

.rdata Size: 16KB - Virtual size: 16KB

.bss Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 175KB - Virtual size: 175KB

.data
Size: 33KB - Virtual size: 33KB

.rdata
Size: 16KB - Virtual size: 16KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.UPX0
Size: 108KB - Virtual size: 260KB