dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26

Sharing

Copy URL

Twitter E-mail

General

Target

dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26
Size

224KB
MD5

2b76654e120996f5d6a7eca2ccaf4cd3
SHA1

33cf25419948b244bc082f1cefd949dc2ac96ec2
SHA256

dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26
SHA512

24b96e4e7026695ee62b2b92402cbfbb8d205888c195938bd1c16cc7f2c321b8ba66e2d389b124c2f5629c9e484f066f2b2cbce339e8ed6fd4c780054bd15a2f
SSDEEP

3072:LJZ5h3uc6z/TBdSITmxrT7fsVwiMAQHp8EQreRpYlutDlemSLH4x:lZOtz2ITc6Yp8EQreQGB

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26
.exe regsvr32 windows x86

81eba779af336d9c8492a6b8f93b8790

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

Sleep
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
WriteFile
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
TerminateThread
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
ReadFile
MultiByteToWideChar
MoveFileA
LocalFree
LocalFileTimeToFileTime
LocalAlloc
LoadLibraryW
LoadLibraryA
LeaveCriticalSection
IsBadWritePtr
IsBadReadPtr
InitializeCriticalSection
GetWindowsDirectoryA
GetVolumeInformationW
GetVolumeInformationA
GetVersionExA
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetComputerNameA
GetCPInfo
GetACP
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeviceIoControl
DeleteFileA
DeleteCriticalSection
CreateMutexA
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringA
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

ole32

CoTaskMemFree
CoCreateGuid
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoLockObjectExternal
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitialize
IsEqualGUID
IsEqualGUID
CoTaskMemFree
StringFromCLSID

oleaut32

CreateErrorInfo
GetErrorInfo
SetErrorInfo
RegisterTypeLib
LoadTypeLib
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString
SysReAllocStringLen
SysAllocStringLen

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
Shell_NotifyIconW

user32

CreateWindowExA
UnregisterClassA
SetWindowLongA
SetTimer
SetForegroundWindow
RegisterClassA
PostThreadMessageA
PostMessageA
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadStringA
LoadIconA
KillTimer
GetWindowLongA
GetSystemMetrics
GetForegroundWindow
GetClassInfoA
DestroyWindow
DefWindowProcA
CharNextA
CharUpperBuffA
CharToOemA
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA

wininet

InternetCrackUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InitEntry0

Sections

UPX0
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

81eba779af336d9c8492a6b8f93b8790

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shell32

user32

wininet

Exports

Exports

Sections

UPX0 Size: 216KB - Virtual size: 216KB

.rsrc Size: 2KB - Virtual size: 4KB

.avp Size: 5KB - Virtual size: 8KB

UPX0
Size: 216KB - Virtual size: 216KB

.rsrc
Size: 2KB - Virtual size: 4KB

.avp
Size: 5KB - Virtual size: 8KB