e69fb9ce5624f9c8e3753ca764318aad91bbdcb93e496051e27d3227fba56b77

Sharing

Copy URL Twitter E-mail

General

Target

e69fb9ce5624f9c8e3753ca764318aad91bbdcb93e496051e27d3227fba56b77
Size

324KB
MD5

1c6936c38f984446a37ce0a664fcc6b1
SHA1

2ba8c347d4d3b5692a2e4d06b9e3a085636c5a84
SHA256

e69fb9ce5624f9c8e3753ca764318aad91bbdcb93e496051e27d3227fba56b77
SHA512

cb209f0013bc793eea7330968f85e8d91e2bb7c3f47f309e9d02b58d527ff6041ee81a6d6a832a93839f0c4df075e7cd5ea12124d222dbb6584dfe0ae02788c4
SSDEEP

6144:W32TBguxAlg6YCbOMOcuFpqB1RWFhlei465obqIV9yqImhx4Pt:WA5xAlg6YCbOLIBHHtVJIX

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

e69fb9ce5624f9c8e3753ca764318aad91bbdcb93e496051e27d3227fba56b77
.exe windows x86

f3f3cb227b41be477e3670e4a3744e1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
FindFirstFileA
WaitForSingleObject
GetCurrentThreadId
CreateFileA
lstrcpyA
OutputDebugStringA
FormatMessageA
Sleep
GetVersionExA
CreateThread
CreateEventA
GlobalDeleteAtom
GlobalGetAtomNameA
GetModuleHandleA
SetEvent
GlobalAddAtomA
GetCommandLineA
ExitProcess
CloseHandle
FreeLibrary
GetShortPathNameA
LoadLibraryA
SetErrorMode
CreateDirectoryA
GetFileAttributesA
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FindNextFileA
FindClose
GetPrivateProfileIntA
LocalAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
LocalFree
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
WideCharToMultiByte
lstrlenA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcmpiA
lstrlenW
MultiByteToWideChar
GetTickCount
DeleteCriticalSection
RaiseException
GetProcAddress
GetSystemTimeAsFileTime

user32

GetWindowLongA
DefWindowProcA
TranslateMessage
DispatchMessageA
PostMessageA
UnregisterClassA
CharNextA
wsprintfA
LoadStringA
CreateWindowExA
RegisterClassA
LoadCursorA
GetMessageA
PostThreadMessageA
CharUpperA
DestroyWindow
RegisterWindowMessageA
FindWindowA
MessageBoxA

winspool.drv

EnumJobsA
OpenPrinterA
SetJobA
SetPrinterA
ClosePrinter

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VarBstrCat
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
LoadRegTypeLi
LoadTypeLi
VarBstrCmp
VariantInit
VariantClear
VariantCopy
DispCallFunc
SetErrorInfo
SysStringLen
CreateErrorInfo

atl80

ord31
ord11
ord10
ord64
ord22
ord18
ord23
ord61
ord58
ord32
ord25
ord30
ord17
ord20

msvcr80

_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
?terminate@@YAXXZ
_except_handler4_common
_chdrive
_chdir
_getcwd
isxdigit
iswctype
toupper
_recalloc
memset
atol
_wcsicmp
sprintf_s
_mbstok_s
atoi
calloc
memmove_s
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
_ltoa_s
strcat_s
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memcpy_s
_mbsicmp
_mbschr
??2@YAPAXI@Z
_resetstkoflw
malloc
_purecall
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_ismbcspace
??3@YAXPAX@Z
free
_CxxThrowException
__CxxFrameHandler3
_mbsnbcpy_s
strcpy_s

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

?COMWndProc@@YGJPAUHWND__@@IIJ@Z

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f3f3cb227b41be477e3670e4a3744e1a

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

ole32

oleaut32

atl80

msvcr80

msvcp80

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 20KB - Virtual size: 17KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 20KB - Virtual size: 17KB

UPX0
Size: 144KB - Virtual size: 380KB