629d0139a39a0ee8abebf86f1a76b06faa0dafa1146fdb5ee4556febcfe228a3

Sharing

Copy URL Twitter E-mail

General

Target

629d0139a39a0ee8abebf86f1a76b06faa0dafa1146fdb5ee4556febcfe228a3
Size

184KB
MD5

91f5ab5a7e4979718a22c3128777c760
SHA1

6647cc1e47c141000eaa4e2bb84596d167c19d56
SHA256

629d0139a39a0ee8abebf86f1a76b06faa0dafa1146fdb5ee4556febcfe228a3
SHA512

29e042d32af094a76747d3833f56b9dc0fe3fdad112f750282fd5bc614bac87b9ccc6632f7faee36a7fb9695e729b91910adc6f7805c66b9e3a828b03dcced8b
SSDEEP

3072:2NIB/vEQoOzndPZdjh7nmqhMdj9jHLg0iIvxiGEqotii45Ti0mLrYy0QISUn:26prbLd7jh7mt1snIvgGXoIigTiPL8BH

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

629d0139a39a0ee8abebf86f1a76b06faa0dafa1146fdb5ee4556febcfe228a3
.exe windows x86

a021f2a65f09447e62ce52ef08dd3042

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcstombs
strstr
_vsnprintf
_initterm
_ltoa
iswctype
wcstoul
_wcsupr
_wtol
_stricmp
mbstowcs
_wcslwr
wcscmp
wcscat
wcslen
wcscpy
sprintf
_wcsdup
wcsncpy
malloc
free
strtok
atoi
_itoa
strncpy
_wcsicmp
srand
time
rand
strchr
wcschr
_strnicmp
atol
isdigit

ntdll

RtlQueueWorkItem
RtlGetNtProductType
RtlTimeToSecondsSince1970
RtlLocalTimeToSystemTime
RtlTimeFieldsToTime
RtlDeleteTimerQueueEx
RtlUpdateTimer
RtlCreateTimer
RtlCreateTimerQueue
RtlQueryRegistryValues
RtlInitUnicodeString
NtOpenFile
NtDeviceIoControlFile
RtlFreeUnicodeString
RtlCopyUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtCreateFile
NtClose
NtWaitForSingleObject
RtlNtStatusToDosError

advapi32

RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
LsaOpenPolicy
LsaNtStatusToWinError
LsaRetrievePrivateData
LsaFreeMemory
LsaClose
GetSidSubAuthority
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyA
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
RegQueryValueExA

dnsapi

DnsDhcpSrvRegisterTerm
DnsDhcpSrvRegisterInit
DnsDhcpSrvRegisterHostName
DnsSetConfigDword

kernel32

SetConsoleCtrlHandler
DeviceIoControl
InterlockedIncrement
CreateFileA
InterlockedDecrement
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetProcessShutdownParameters
WaitForMultipleObjectsEx
ResetEvent
PostQueuedCompletionStatus
FreeLibraryAndExitThread
GetSystemTime
GetSystemTimeAsFileTime
Sleep
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
MultiByteToWideChar
GetProcessHeap
QueryPerformanceCounter
WaitForSingleObject
InterlockedExchangeAdd
TryEnterCriticalSection
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetCurrentThread
QueueUserAPC
HeapCreate
HeapDestroy
DeleteCriticalSection
GetTickCount
GetComputerNameA
SetEvent
WaitForSingleObjectEx
DuplicateHandle
GetCurrentProcess
SetLastError
OpenProcess
lstrcatA
LocalReAlloc
GetWindowsDirectoryA
GetCurrentProcessId
HeapFree
GetLastError
HeapAlloc
LocalAlloc
LocalFree
lstrcmpiA
lstrcpyA
lstrlenA
ExpandEnvironmentStringsA
CloseHandle
FreeLibrary
CreateEventA
WideCharToMultiByte
VirtualAllocEx
DeleteFileW

mprapi

MprInfoBlockAdd
MprInfoDelete
MprInfoCreate
MprInfoDuplicate
MprAdminMIBEntrySet
MprAdminMIBServerDisconnect
MprAdminMIBServerConnect

netapi32

NetWkstaTransportEnum
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
NetApiBufferFree

ole32

CLSIDFromString

rasapi32

RasHangUpA
RasGetHport
RasGetEntryPropertiesA
RasGetSubEntryPropertiesA
RasSetEapUserDataA
RasGetSubEntryHandleA
RasDialA

rasman

RasFreeBuffer
RasPortCancelReceive
RasPortSetFraming
RasPortConnectComplete
RasPortGetBundle
RasAllocateRoute
RasDeAllocateRoute
RasPortSetProtocolCompression
RasActivateRoute
RasCompressionGetInfo
RasPortBundle
RasGetTimeSinceLastActivity
RasGetBuffer
RasPortSend
RasPortGetProtocolCompression
RasPortGetStatisticsEx
RasCompressionSetInfo
RasGetPortUserData
RasSetPortUserData
RasPortEnum
RasGetConnectInfo
RasGetInfo
RasPortListen
RasAddConnectionPort
RasPortClose
RasPortOpen
RasGetFramingCapabilities
RasPortSetFramingEx
RasSetConnectionUserData
RasBundleGetPort

rpcrt4

UuidCreate

rtutils

TraceRegisterExW
RouterLogRegisterW
TraceDeregisterW
RouterLogDeregisterW
RouterLogEventStringW
TracePrintfExA
LogEventW
RouterLogEventW
TracePutsExA
RouterLogDeregisterA
TraceDeregisterA
TraceRegisterExA
RouterLogRegisterA
RouterLogEventStringA
RouterLogEventA
TraceDumpExA
TraceVprintfExA
LogEventA

user32

wsprintfA
wsprintfW
CharToOemA
GetDC

msi

MsiInstallMissingFileW
MsiConfigureProductA
MsiProcessAdvertiseScriptW
MsiEnumComponentsW
MsiSourceListForceResolutionA
MsiDatabaseApplyTransformW
MsiGetComponentStateA
MsiDeleteUserDataW
MsiDeterminePatchSequenceA
MsiGetComponentPathA
MsiGetPropertyW
MsiGetLanguage
MsiOpenDatabaseW
MsiProvideComponentA
MsiMessageBoxExW
MsiEvaluateConditionW
MsiGetFileHashA
MsiSequenceA
MsiEnumComponentQualifiersW
MsiGetLastErrorRecord
MsiSourceListClearMediaDiskW
MsiEnumPatchesA
MsiDatabaseGetPrimaryKeysA
MsiDatabaseGetPrimaryKeysW
Migrate10CachedPackagesA
MsiConfigureProductExA
MsiSetPropertyW
MsiSourceListAddSourceExA
MsiGetFeatureValidStatesW

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX0
Size: 512B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX2
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX3
Size: 512B - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX4
Size: 1024B - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 135KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX5
Size: 3KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a021f2a65f09447e62ce52ef08dd3042

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

advapi32

dnsapi

kernel32

mprapi

netapi32

ole32

rasapi32

rasman

rpcrt4

rtutils

user32

msi

Sections

.text Size: 20KB - Virtual size: 20KB

UPX0 Size: 512B - Virtual size: 574B

UPX1 Size: 2KB - Virtual size: 8KB

.rdata Size: 7KB - Virtual size: 7KB

UPX2 Size: 3KB - Virtual size: 36KB

UPX3 Size: 512B - Virtual size: 41KB

UPX4 Size: 1024B - Virtual size: 29KB

.data Size: 135KB - Virtual size: 315KB

UPX5 Size: 3KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 20KB

UPX0
Size: 512B - Virtual size: 574B

UPX1
Size: 2KB - Virtual size: 8KB

.rdata
Size: 7KB - Virtual size: 7KB

UPX2
Size: 3KB - Virtual size: 36KB

UPX3
Size: 512B - Virtual size: 41KB

UPX4
Size: 1024B - Virtual size: 29KB

.data
Size: 135KB - Virtual size: 315KB

UPX5
Size: 3KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB