6024d9b056deae6491f5dc0f999b16e6f092501defb23b2eaf51bfdfe8f28058

Sharing

Copy URL Twitter E-mail

General

Target

6024d9b056deae6491f5dc0f999b16e6f092501defb23b2eaf51bfdfe8f28058
Size

1.8MB
MD5

6a62a310e1e4df6f781d2b01fa73130e
SHA1

0698b603d54e0899f2b539330aa0e31b32da1c3a
SHA256

6024d9b056deae6491f5dc0f999b16e6f092501defb23b2eaf51bfdfe8f28058
SHA512

e10741438312b62963139907e13539fb0b5ac9f863b2e9fb93bc00984f9eb7565e01fb84112eaa139e500df69d28e845588c4ac344dc37820a484c2f58317397
SSDEEP

24576:KqtKO0EusR2NBSRlWg8WXVtNLTUwWJ+6fV4zmE7E0H4UBztDjN1JrfzRKarLT6PF:Lz1z6ibbDjNvbRJfTks8

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

6024d9b056deae6491f5dc0f999b16e6f092501defb23b2eaf51bfdfe8f28058
.exe windows x86

c06661aaf7c4a3895480fec47490f6ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

shlwapi

PathAppendA
PathFileExistsA

comctl32

ImageList_Destroy
InitializeFlatSB
InitCommonControlsEx

ws2_32

gethostbyaddr
htons
select
closesocket
inet_ntoa
connect
socket
recv
send
gethostbyname
shutdown
bind
ntohl
gethostname
accept
WSACleanup
listen

dinput8

DirectInput8Create

d3d9

Direct3DCreate9

d3dx9_32

D3DXVec3Project
D3DXMatrixTranspose
D3DXMatrixPerspectiveFovRH
D3DXAssembleShader
D3DXLoadSurfaceFromSurface
D3DXVec3Unproject
D3DXLoadSurfaceFromMemory
D3DXCreateTexture
D3DXMatrixMultiply
D3DXMatrixLookAtRH
D3DXMatrixInverse
D3DXVec3Normalize

alut

alutCreateBufferFromFile
alutCreateBufferFromFileImage
alutExit
alutGetError
alutInitWithoutContext

openal32

alGenBuffers
alcMakeContextCurrent
alcCreateContext
alcOpenDevice
alcCloseDevice
alcDestroyContext
alDeleteSources
alGetSourcef
alSourcef
alDeleteBuffers
alSourcePause
alSourceStop
alBufferData
alGenSources
alSourcei
alSourcePlay
alGetSourcei

kernel32

IsValidCodePage
GetOEMCP
GetACP
SetHandleCount
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LCMapStringW
LCMapStringA
GetCPInfo
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RtlUnwind
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapValidate
HeapWalk
GetCommandLineA
GetStartupInfoA
RaiseException
Sleep
CreateThread
GetUserDefaultUILanguage
SetErrorMode
SetUnhandledExceptionFilter
SuspendThread
ResumeThread
SetThreadPriority
TerminateThread
WaitForSingleObject
CreateEventA
SetEvent
CloseHandle
WriteFile
CreateFileA
GetCurrentDirectoryA
ExitProcess
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryW
GetProcAddress
GlobalFree
HeapDestroy
MultiByteToWideChar
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
GetLastError
GetExitCodeProcess
CreateProcessA
GetCurrentProcess
GetComputerNameA
GetLocalTime
GetLocaleInfoA
GetCurrentThreadId
GetLogicalDrives
SetCurrentDirectoryA
GetFullPathNameA
FileTimeToSystemTime
GetDriveTypeA
SetFilePointer
CreateDirectoryA
GetFileAttributesA
GetDiskFreeSpaceExA
RemoveDirectoryA
GetFileAttributesExA
SetFileAttributesA
MoveFileA
DeleteFileA
GetDiskFreeSpaceA
FlushFileBuffers
FindFirstFileA
FindClose
FindNextFileA
CancelIo
GetFileInformationByHandle
FreeLibrary
LoadLibraryA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedCompareExchange
CreateSemaphoreA
SetFilePointerEx
ReleaseSemaphore
GetFileSizeEx
IsBadReadPtr
GetVolumeInformationA
GetModuleFileNameA
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThread
ResetEvent
OutputDebugStringA
GetThreadContext
IsBadWritePtr
ReadProcessMemory
SwitchToThread
SetLastError
lstrlenA
GetModuleHandleA
GetCurrentProcessId
lstrcpynA
HeapCreate
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
CompareStringA
CompareStringW
WideCharToMultiByte
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
SetEnvironmentVariableA
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
GlobalAlloc
VirtualQuery

user32

EnumChildWindows
GetScrollPos
DialogBoxIndirectParamA
MapWindowPoints
GetWindowRect
IsWindowVisible
BeginDeferWindowPos
DeferWindowPos
GetScrollInfo
SetPropA
RemovePropA
GetParent
GetPropA
SetScrollInfo
EndDeferWindowPos
ScrollWindowEx
ReleaseCapture
SetCapture
InvalidateRect
SendMessageA
CreateWindowExA
MapDialogRect
SetDlgItemInt
GetClassNameA
SetCursor
MoveWindow
LoadCursorA
EnableWindow
GetWindowTextA
OffsetRect
CallWindowProcA
AppendMenuA
DestroyMenu
TrackPopupMenu
CreatePopupMenu
DrawFocusRect
MessageBeep
GetFocus
CreateDialogIndirectParamA
EndPaint
BeginPaint
DrawIcon
DestroyIcon
DrawTextA
FillRect
GetClassLongA
DrawEdge
GetAsyncKeyState
SetRectEmpty
IsRectEmpty
PtInRect
IsChild
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
SystemParametersInfoA
GetDlgItemInt
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
SetFocus
ShowWindow
GetMessageA
SetDlgItemTextA
SetTimer
UpdateWindow
SetForegroundWindow
SetRect
SetWindowPos
AdjustWindowRect
MessageBoxA
PeekMessageA
TranslateMessage
SetWindowPlacement
GetWindowPlacement
GetClientRect
GetCursorPos
IsIconic
ShowCursor
GetWindowLongA
GetDC
ReleaseDC
SetWindowLongA
DefWindowProcA
GetActiveWindow
IsWindow
PostMessageA
RegisterWindowMessageA
UnregisterClassW
MessageBoxW
PostMessageW
RegisterClassW
RegisterClassExW
DispatchMessageW
LoadIconW
SendMessageW
LoadCursorW
DefWindowProcW
WaitMessage
FindWindowW
PeekMessageW
CreateWindowExW
LoadIconA
DestroyWindow
SetWindowTextA
IsWindowEnabled
GetDlgItem
DrawFrameControl
EndDialog
DispatchMessageA

gdi32

CreateSolidBrush
DeleteObject
MoveToEx
SetBkMode
CreatePen
LineTo
SetTextColor
Ellipse
StretchBlt
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
GetDeviceCaps
SelectObject
GetTextExtentPoint32A
TextOutA
GetTextMetricsA
Rectangle
GetStockObject

comdlg32

ChooseColorA
GetSaveFileNameA
GetOpenFileNameA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

SHCreateDirectoryExA
SHGetFolderPathA
DuplicateIcon
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

OleUninitialize
OleInitialize
CoInitialize
CoUninitialize

dbghelp

SymInitialize
SymGetSymFromAddr
SymFunctionTableAccess
SymCleanup
StackWalk
SymGetOptions
SymGetModuleBase
SymSetOptions
SymLoadModule
SymGetLineFromAddr

Exports

Exports

_crsgGetHWSetup@4

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 63.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c06661aaf7c4a3895480fec47490f6ce

Headers

File Characteristics

Imports

winmm

shlwapi

comctl32

ws2_32

dinput8

d3d9

d3dx9_32

alut

openal32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dbghelp

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 313KB - Virtual size: 312KB

.data Size: 142KB - Virtual size: 63.0MB

.rsrc Size: 5KB - Virtual size: 4KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 313KB - Virtual size: 312KB

.data
Size: 142KB - Virtual size: 63.0MB

.rsrc
Size: 5KB - Virtual size: 4KB

.UPX0
Size: 108KB - Virtual size: 260KB