5bbc6e5a4ec88adf15b43ce043de9315b098af7a457bfd43ec12495263926803

Sharing

Copy URL Twitter E-mail

General

Target

5bbc6e5a4ec88adf15b43ce043de9315b098af7a457bfd43ec12495263926803
Size

592KB
MD5

1021341a1b9e7ae9fbb82f30ee786f05
SHA1

4cb66729ca359f472890e956efa5e3755a0dd5ce
SHA256

5bbc6e5a4ec88adf15b43ce043de9315b098af7a457bfd43ec12495263926803
SHA512

e36f883ff10063ea45f00c605eabbf12a427319b7cbf3130051d0095a308cecbed43d7ad49712b08550f0085320d8164cbe7b37c494de565ed71f549dbed3665
SSDEEP

12288:Kfr3ZXbpm3PAAqWkiGpUkpp3WwTYK5/7+XST5l:KbiGBp4wTYK5aXO5

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

5bbc6e5a4ec88adf15b43ce043de9315b098af7a457bfd43ec12495263926803
.exe windows x86

66a27f48f48603204f9bad72245b3e95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

select
gethostname
inet_addr
WSAStartup
htonl
bind
socket
__WSAFDIsSet
recv
send
WSAGetLastError
getsockname
getpeername
gethostbyname
accept
setsockopt
closesocket
listen
ioctlsocket
htons
connect
inet_ntoa
shutdown
WSACleanup

kernel32

GetLogicalDriveStringsA
GetComputerNameA
GetVersionExA
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemTime
GlobalDeleteAtom
GlobalAddAtomA
SystemTimeToFileTime
LockResource
LoadResource
SizeofResource
FindResourceA
CreateMutexA
OpenProcess
GetModuleFileNameA
SetProcessShutdownParameters
GetModuleHandleA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
SetHandleCount
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
SetUnhandledExceptionFilter
HeapSize
TlsFree
SetLastError
SetErrorMode
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
CreateThread
ExitThread
GetCommandLineA
GetStartupInfoA
TerminateProcess
ExitProcess
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
ResumeThread
TlsAlloc
GetCurrentProcess
GetCurrentThread
DuplicateHandle
TlsSetValue
SetThreadPriority
TlsGetValue
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetEnvironmentStringsW
GetTimeZoneInformation
InterlockedExchange
VirtualQuery
FindFirstFileA
FindNextFileA
FindClose
SetFileTime
CreateDirectoryA
ReadFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
FlushViewOfFile
GetCurrentThreadId
UnmapViewOfFile
GetCurrentProcessId
AllocConsole
DeleteFileA
MoveFileA
CreateFileA
SetFilePointer
SetEndOfFile
OutputDebugStringA
GetStdHandle
WriteConsoleA
WriteFile
CloseHandle
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsW
GetCPInfo
GetLocaleInfoA
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
VirtualProtect
GetSystemInfo
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
QueryPerformanceCounter
GetTickCount
IsBadWritePtr

user32

TrackPopupMenu
SetMenuDefaultItem
GetSubMenu
CheckMenuItem
GetMenuState
LoadMenuA
LoadIconA
ExitWindowsEx
GetUserObjectInformationA
GetProcessWindowStation
TranslateMessage
GetMessageA
UnhookWindowsHookEx
GetClientRect
GetCursor
GetUpdateRgn
CallNextHookEx
SetWindowsHookExA
VkKeyScanA
GetAsyncKeyState
MapVirtualKeyA
PeekMessageA
WaitMessage
DispatchMessageA
SetClipboardViewer
GetClipboardOwner
GetClipboardData
PostQuitMessage
EnumWindows
GetPropA
IsWindowVisible
SetPropA
GetMenuItemID
ChangeClipboardChain
KillTimer
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawIconEx
GetIconInfo
ChangeDisplaySettingsA
EnumDesktopWindows
SystemParametersInfoA
FindWindowA
RegisterWindowMessageA
GetCursorPos
mouse_event
IntersectRect
GetKeyboardState
keybd_event
SetTimer
GetForegroundWindow
GetWindowThreadProcessId
SetActiveWindow
MessageBeep
FlashWindow
DialogBoxParamA
SetForegroundWindow
EndDialog
EnumDisplaySettingsA
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetDC
WindowFromPoint
RemovePropA
EnableMenuItem
GetClassNameA
GetSystemMetrics
ReleaseDC
GetDesktopWindow
EqualRect
IsRectEmpty
RegisterClassExA
CreateWindowExA
SetWindowLongA
GetWindowLongA
GetCapture
ClientToScreen
LoadCursorA
SetCursor
BeginPaint
FillRect
EndPaint
SetCapture
ClipCursor
PostMessageA
DefWindowProcA
ReleaseCapture
GetWindowPlacement
SetWindowPos
UpdateWindow
OffsetRect
SetWindowRgn
SetRect
InflateRect
PtInRect
GetWindowRgn
InvalidateRgn
GetWindowRect
ShowWindow
DestroyWindow
MessageBoxA
SendMessageA
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
EnableWindow
OpenDesktopA

gdi32

GetObjectA
GetBitmapBits
GetStockObject
GdiFlush
BitBlt
CreateDIBSection
SelectObject
CreatePalette
SelectPalette
RealizePalette
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
GetDIBits
CreateDCA
ExtEscape
DeleteDC
GetSystemPaletteEntries
CreateHatchBrush
CreateSolidBrush
CreateRectRgnIndirect
CombineRgn
GetRegionData
DeleteObject
CreateRectRgn

advapi32

GetUserNameA
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegCloseKey

shell32

Shell_NotifyIconA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Exports

Exports

SetHook
SetKeyboardFilterHook
SetKeyboardPriorityHook
SetKeyboardPriorityLLHook
SetMouseFilterHook
SetMousePriorityHook
SetMousePriorityLLHook
UnSetHook

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedD
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

66a27f48f48603204f9bad72245b3e95

Headers

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 232KB - Virtual size: 231KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 8KB - Virtual size: 17KB

.SharedD Size: 4KB - Virtual size: 68B

.rsrc Size: 52KB - Virtual size: 50KB

.UPX Size: 240KB - Virtual size: 240KB

.text
Size: 232KB - Virtual size: 231KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 8KB - Virtual size: 17KB

.SharedD
Size: 4KB - Virtual size: 68B

.rsrc
Size: 52KB - Virtual size: 50KB

.UPX
Size: 240KB - Virtual size: 240KB