a8bc14af615aebc3d5e48c8e1085d6dcf294fa36d55298a5051cb47f9fceab21

Sharing

Copy URL Twitter E-mail

General

Target

a8bc14af615aebc3d5e48c8e1085d6dcf294fa36d55298a5051cb47f9fceab21
Size

374KB
MD5

61c22fa0a607b4524acec2ab0bd6ecc0
SHA1

568c3c7dc3f8ca7ef687fc4dcb8c517f95f4e127
SHA256

a8bc14af615aebc3d5e48c8e1085d6dcf294fa36d55298a5051cb47f9fceab21
SHA512

a059edb749eed534f401e6ae404c59ffcc8fda8364ddbd9c1945f9db3ec62fde6a63f9639718e20c6fd94e5f6be61f817a187dba06af3211630f8062b405892b
SSDEEP

6144:ppP2v2v+0tyRT5OrjmeWXuxReg/WIcbNHre1QbvN+:p12vq+0tyx8rjmeWXuxRMIANHi

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

a8bc14af615aebc3d5e48c8e1085d6dcf294fa36d55298a5051cb47f9fceab21
.exe windows x86

c1a59d28dd8b3008d2636281bc24da90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

mpr

WNetGetConnectionW
WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

ole32

CoUninitialize
CoCreateInstance
CoInitialize

kernel32

GetModuleHandleW
GetStartupInfoW
RtlUnwind
GlobalGetAtomNameW
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RaiseException
SetErrorMode
GlobalAddAtomW
TerminateProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
HeapAlloc
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetModuleFileNameA
VirtualAlloc
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetModuleFileNameW
GetDriveTypeA
SetStdHandle
GetLocaleInfoA
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentProcess
lstrcmpiW
GetPrivateProfileIntW
CreateFileMappingW
ExitProcess
lstrlenW
GetTimeFormatW
LocalAlloc
LocalFree
lstrcmpW
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GetACP
MultiByteToWideChar
GlobalUnlock
GlobalFree
GetTempPathW
GetWindowsDirectoryW
GetDateFormatW
DeleteFileW
SetCurrentDirectoryW
GetSystemDirectoryW
CreateFileW
CloseHandle
GetPrivateProfileStringW
CreateDirectoryExW
GetLastError
FindFirstFileW
FindClose
SetLastError
lstrcpyW
lstrcatW
GetModuleHandleA
FindResourceA
GetProfileStringA
GetVolumeInformationW
GetFullPathNameW
MoveFileW
FlushFileBuffers
WritePrivateProfileStringW
GetCurrentDirectoryW
LoadLibraryA
GetVersionExW
GetProcessVersion
TlsGetValue
GetProcAddress
FreeLibrary
EnterCriticalSection
LocalReAlloc
TlsSetValue
GlobalReAlloc
LeaveCriticalSection
TlsAlloc
GlobalHandle
DeleteCriticalSection
GlobalFlags
InitializeCriticalSection
SizeofResource
GetStringTypeW
GlobalAddAtomA
lstrcpynW
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
FindNextFileW
FormatMessageW
lstrlenA
InterlockedIncrement
InterlockedDecrement
MulDiv
GetVersion
GetCurrentThreadId
LockResource
FindResourceW
LoadResource
SetFilePointer
WideCharToMultiByte
WriteFile
GlobalMemoryStatus
GetDiskFreeSpaceW
SetHandleCount
GetStdHandle
HeapDestroy

user32

PtInRect
GetClassNameW
GetDesktopWindow
GetMessageW
ClientToScreen
GetSysColorBrush
LoadCursorW
InvalidateRect
OffsetRect
DestroyMenu
ReleaseCapture
CharUpperW
SetRectEmpty
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
SetMenu
ReuseDDElParam
UnpackDDElParam
WindowFromPoint
IntersectRect
InflateRect
ShowOwnedPopups
PostQuitMessage
BringWindowToTop
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
SetWindowTextW
IsDialogMessageW
LoadStringW
GetDlgItemTextW
PostMessageW
SendDlgItemMessageA
SystemParametersInfoW
MapWindowPoints
GetSysColor
PeekMessageW
DispatchMessageW
GetFocus
TranslateMessage
EqualRect
DeferWindowPos
CopyRect
EndDeferWindowPos
IsWindowVisible
ScreenToClient
ScrollWindow
SetScrollInfo
ShowScrollBar
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextW
GetDlgCtrlID
GetKeyState
DefWindowProcW
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetLastActivePopup
GetForegroundWindow
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetWindow
GetWindowRect
ValidateRect
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamW
DestroyWindow
GetParent
GetWindowLongW
GetDlgItem
IsWindowEnabled
ExitWindowsEx
UpdateWindow
wsprintfW
FindWindowW
SetForegroundWindow
IsIconic
GetSystemMetrics
GetClientRect
SendMessageW
CharNextW
EnableWindow
LoadIconW
DrawIcon
GetCursorPos
MessageBoxW
SetCursor
SetFocus
AdjustWindowRectEx
GetMenu
BeginDeferWindowPos
GetWindowLongA
SetWindowLongA
GetClassNameA
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
DrawFocusRect
GetClassInfoA
CharNextA
DefDlgProcA
RemovePropA
UnregisterClassW
GetWindowTextLengthA
GetPropA
SetPropA
SetWindowsHookExA
CallWindowProcA
IsWindowUnicode
SendMessageA
DefWindowProcA

gdi32

ExtTextOutA
GetTextExtentPointA
DeleteDC
CreateBitmap
GetObjectW
SetBkColor
BitBlt
CreateCompatibleDC
CreateDIBitmap
SelectObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
IntersectClipRect
DeleteObject
GetDeviceCaps
CreateSolidBrush
PtVisible
RectVisible
ExtTextOutW
Escape
TextOutW
SaveDC
PatBlt
RestoreDC
GetStockObject
SetTextColor

comdlg32

GetSaveFileNameW

winspool.drv

DocumentPropertiesW
EnumPortsW
ClosePrinter
SetPrinterW
GetPrinterW
OpenPrinterW
EnumPrintersW
GetPrinterDriverDirectoryW

advapi32

RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
LockServiceDatabase
ChangeServiceConfigW
UnlockServiceDatabase
ControlService
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
OpenSCManagerW
RegCloseKey
RegQueryValueExW
EnumServicesStatusW
RegCreateKeyExW
RegQueryInfoKeyW
RegSetValueExW
CloseServiceHandle

shell32

DragFinish
DragQueryFileW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHChangeNotify

comctl32

ord17
ImageList_Destroy

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1a59d28dd8b3008d2636281bc24da90

Headers

File Characteristics

Imports

version

mpr

ole32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 173KB - Virtual size: 173KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 18KB - Virtual size: 36KB

.idata Size: 9KB - Virtual size: 9KB

.rsrc Size: 34KB - Virtual size: 33KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 173KB - Virtual size: 173KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 18KB - Virtual size: 36KB

.idata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 34KB - Virtual size: 33KB

.UPX0
Size: 104KB - Virtual size: 252KB