5752aaae37d3d5628266d7bf123806bc9c4dad2302f24868007925385a9f6063

Sharing

Copy URL Twitter E-mail

General

Target

5752aaae37d3d5628266d7bf123806bc9c4dad2302f24868007925385a9f6063
Size

315KB
MD5

77e6e228f4311d8c1124d09915c79a7f
SHA1

f16e5158389e06f4966785ae93e9b63ac7803f74
SHA256

5752aaae37d3d5628266d7bf123806bc9c4dad2302f24868007925385a9f6063
SHA512

89862e55040d5f6d8d9012d3051ce1b9a897191b951225022b294b28285b8b345f0cae432ca43870ad8ac5f42096c4a33f8a0ca88e22262ba118c97bc68c0c0b
SSDEEP

6144:00g6FyNO3/kekjuXqJvnf/O3/O3qVXuGhr9MpqSfH:0PNEnkjLxf/EACuaoqSfH

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

5752aaae37d3d5628266d7bf123806bc9c4dad2302f24868007925385a9f6063
.exe windows x86

3a2d551dd36ee42b9f46d59bb3ec427b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_cexit
_except_handler3
__setusermatherr
_XcptFilter
_exit
_c_exit
wcscpy
_wcsicmp
free
_ftol
malloc

advapi32

InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
CheckTokenMembership
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
OpenThreadToken
OpenProcessToken
GetTokenInformation

kernel32

lstrlenW
GetSystemWindowsDirectoryW
LocalFree
LocalAlloc
GetCurrentProcess
GetLastError
GetCurrentThread
GetProcAddress
CloseHandle
lstrcmpiW
WaitForMultipleObjects
CreateThread
GetCurrentThreadId
OpenEventW
CreateEventW
SetEvent
CreateMutexW
SetLastError
GetCommandLineW
GetWindowsDirectoryW
lstrcmpW
ExitProcess
GetVersionExW
GetModuleHandleA
GetStartupInfoA
GetNumberFormatW
lstrcpyW
lstrcatW
LoadLibraryA

gdi32

CreateFontIndirectW
CreatePenIndirect
SetTextColor
BitBlt
SetBkColor
CreateSolidBrush
CreateCompatibleDC
DeleteDC
TextOutW
GetTextMetricsW
SetBkMode
RealizePalette
SelectPalette
GetObjectW
StretchBlt
CreateBitmap
CreateRoundRectRgn
SetMapMode
Polyline
DeleteObject
SelectObject

user32

FindWindowW
MapVirtualKeyW
GetAsyncKeyState
GetMenu
SetTimer
SendMessageW
GetDlgItem
EndDialog
LoadStringW
EnableWindow
MessageBoxW
DialogBoxParamW
IsWindow
GetKeyboardLayout
GetWindowThreadProcessId
wsprintfW
CheckDlgButton
GetClientRect
DestroyWindow
InvalidateRect
WinHelpW
GetKeyboardType
SetClassLongW
RegisterClassW
GetClassInfoW
LoadCursorW
CreateWindowExW
GetSystemMetrics
SetWindowPos
SetWindowLongW
GetKeyState
wsprintfA
DrawIconEx
LoadImageW
SetWindowRgn
ToUnicodeEx
LoadIconW
GetWindowLongW
GetSysColor
ReleaseDC
GetDC
MapVirtualKeyExW
CloseDesktop
GetUserObjectInformationW
OpenDesktopW
OpenInputDesktop
PostMessageW
SetThreadDesktop
GetThreadDesktop
EndPaint
BeginPaint
DefWindowProcW
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
CloseWindowStation
MoveWindow
GetDesktopWindow
GetWindowRect
AllowSetForegroundWindow
SetForegroundWindow
GetForegroundWindow
ShowWindow
IsIconic
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
RegisterWindowMessageW
KillTimer
EnableMenuItem
CheckMenuRadioItem
CheckMenuItem
ReleaseCapture
SetCapture
SetCursor
ChildWindowFromPointEx
ScreenToClient
GetCursorPos
PostQuitMessage
SendInput
ActivateKeyboardLayout

msswch

ord8
ord13
ord12
ord11
ord9
ord1
ord14
ord10

comdlg32

ChooseFontW

winmm

PlaySoundW

shell32

ord258
ShellExecuteW

comctl32

ord17

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3a2d551dd36ee42b9f46d59bb3ec427b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

msswch

comdlg32

winmm

shell32

comctl32

ole32

Sections

.text Size: 105KB - Virtual size: 104KB

.data Size: 11KB - Virtual size: 11KB

.rsrc Size: 90KB - Virtual size: 89KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 105KB - Virtual size: 104KB

.data
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 90KB - Virtual size: 89KB

.UPX0
Size: 108KB - Virtual size: 260KB