Behavioral task
behavioral1
Sample
810c14b6f985e32b4e9cd98e5331e09c8bc54d631431022614547ea825d02409.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
810c14b6f985e32b4e9cd98e5331e09c8bc54d631431022614547ea825d02409.exe
Resource
win10v2004-20220812-en
General
-
Target
810c14b6f985e32b4e9cd98e5331e09c8bc54d631431022614547ea825d02409
-
Size
925KB
-
MD5
7ccf2effac878da2487341bfc30b6f60
-
SHA1
57b2f44970a1f0dc934c1fd83004924fafb6b5e3
-
SHA256
810c14b6f985e32b4e9cd98e5331e09c8bc54d631431022614547ea825d02409
-
SHA512
ee3a44a8fb7ea1977c83555e07531a550de39278a14b18bcbd616f73612c9c5e286d7867cabb6493b6a7c8b479d1c61adb95106a4f2935ac147d2beadfa43556
-
SSDEEP
24576:txGutn70ZTJqnhNYxhzN3oU+7+O3OIsuOqinQk:/G4cTJqn1+OX1ObnQk
Malware Config (no extracted configuration is listed in this report)
Signatures
-
resource yara_rule sample upx — the only signature hit shown is the UPX packer rule; no family, C2 or behavioral signatures appear on this page, and a packer match by itself is not evidence of malicious intent. Because the Sections list keeps standard .text/.data/.rsrc/.reloc sections alongside a single UPX0 section rather than the usual UPX0/UPX1/.rsrc layout, the match may be driven by the section name alone; confirm with a manual unpack before treating the packer identification or the import table as reliable.
Files
-
810c14b6f985e32b4e9cd98e5331e09c8bc54d631431022614547ea825d02409.exe windows x86
43467bab58091396e54cd8edc93c68f5 (unlabeled 32-hex value; it differs from the sample's MD5 above, so it is not the file hash — presumably the PE import hash (imphash) for this file entry; confirm the field's meaning before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in; however IMAGE_FILE_RELOCS_STRIPPED is also set below, so the loader cannot rebase the image and this flag has no practical effect)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP opt-in; note that the .text and UPX0 sections in the Sections list are nonetheless mapped writable+executable)
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (contradicts the DYNAMIC_BASE flag above and the .reloc section still present in the Sections list; with this flag set the image is always loaded at its preferred base, so ASLR is effectively disabled for this module)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (note: the table below spans certcli CA* entry points, crypt32, cryptui, ntdsapi, wldap32, LSA private-data storage and ACL/SID/token APIs — the API surface of Windows certificate-authority/PKI management tooling — together with console and dialog UI calls. A genuinely UPX-packed stub normally exposes only a minimal import table, so either these imports were reconstructed by the analyzer or the binary is not packed in the usual way; verify by unpacking before using this list for detection or attribution. The ordinal-only entries for certcli and wldap32 (ordNNN) can only be interpreted after resolving them against the matching DLL version.)
advapi32
CryptAcquireContextW
CryptReleaseContext
RevertToSelf
ImpersonateSelf
GetSecurityDescriptorLength
IsValidSecurityDescriptor
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyKey
CryptEncrypt
CryptDuplicateKey
CryptDecrypt
CryptImportKey
CryptGenKey
CryptGetUserKey
CryptGenRandom
CryptSetKeyParam
CopySid
GetLengthSid
GetTokenInformation
LookupAccountSidW
OpenProcessToken
CryptGetProvParam
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegEnumValueW
RegCreateKeyW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
CryptSetProvParam
CryptVerifySignatureW
RegOpenKeyW
CryptExportKey
CryptDuplicateHash
CryptSetHashParam
CryptGetKeyParam
CryptSignHashW
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetEntriesInAclW
GetSecurityDescriptorDacl
EqualSid
GetAce
GetAclInformation
GetSecurityDescriptorControl
ConvertStringSidToSidW
LookupAccountNameW
MakeSelfRelativeSD
MakeAbsoluteSD
OpenThreadToken
FreeSid
CheckTokenMembership
DuplicateToken
AllocateAndInitializeSid
LsaClose
LsaFreeMemory
LsaOpenPolicy
ConvertSidToStringSidW
CryptGetDefaultProviderW
CryptEnumProvidersA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
CryptContextAddRef
RegConnectRegistryW
LsaRetrievePrivateData
LsaStorePrivateData
AddAccessDeniedObjectAce
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessAllowedAce
InitializeSecurityDescriptor
SetNamedSecurityInfoW
InitializeAcl
AddAce
kernel32
FindFirstFileW
FindNextFileW
FindClose
GetFullPathNameW
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCurrentThread
HeapSetInformation
WriteFile
MultiByteToWideChar
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
Sleep
InterlockedExchange
DelayLoadFailureHook
GetSystemInfo
CompareStringW
LoadLibraryExW
GetSystemDirectoryW
LockResource
LoadResource
FindResourceW
GetTimeFormatW
RemoveDirectoryW
GetConsoleOutputCP
FileTimeToLocalFileTime
GetEnvironmentVariableA
WideCharToMultiByte
GetACP
WriteConsoleW
VirtualAlloc
VirtualFree
lstrlenW
SetEvent
InterlockedDecrement
CreateEventW
ResetEvent
InterlockedIncrement
GetProfileStringA
LoadLibraryExA
GetCommandLineW
FindResourceExW
GetLocaleInfoW
LoadLibraryA
InterlockedCompareExchange
VerSetConditionMask
VerifyVersionInfoW
EnterCriticalSection
SetConsoleCtrlHandler
LeaveCriticalSection
GetVersionExW
GetTickCount
GetComputerNameW
CreateDirectoryW
FoldStringW
UnmapViewOfFile
MapViewOfFile
GetDateFormatW
CreateFileMappingW
GetComputerNameExW
CreateFileW
GetFileSize
SetFilePointer
ReadFile
LoadLibraryW
DecodePointer
EncodePointer
GetFileAttributesExW
GetCurrentProcess
GetEnvironmentVariableW
GetTempFileNameW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
OpenEventW
PulseEvent
GetModuleHandleW
LocalReAlloc
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetSystemDefaultLangID
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
DeleteFileW
lstrcmpiW
GetProcAddress
SetLastError
GetStdHandle
GetFileType
GetConsoleMode
SetConsoleMode
CreateThread
WaitForSingleObject
GetExitCodeThread
CloseHandle
GetSystemTime
SystemTimeToFileTime
lstrcmpW
CompareFileTime
FreeLibrary
LocalAlloc
GetSystemTimeAsFileTime
GetFileAttributesW
LocalFree
SearchPathW
msvcrt
_wgetenv
getenv
_wsetlocale
atoi
fgetc
_wfopen
fgetws
wcstoul
fwrite
ftell
sscanf
strspn
strpbrk
bsearch
vfwprintf
__iob_func
??1type_info@@UAE@XZ
isxdigit
_controlfp
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
malloc
_callnewh
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_errno
__CxxFrameHandler
_ultow
_purecall
wcsncmp
_wcsnicmp
_wcslwr
_swab
fopen
fgets
strchr
strstr
fputs
fseek
strcspn
ferror
fclose
fprintf
_strlwr
qsort
strncmp
atol
isdigit
_vsnprintf
_wcsicmp
_wtoi
_stricmp
swscanf
_strnicmp
_fileno
_setmode
wcscspn
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcsstr
wcsspn
_iob
fflush
_fgetwchar
_CxxThrowException
iswdigit
wcsrchr
_vsnwprintf
wcschr
wcstok
memcpy
memmove
memset
iswspace
__isascii
iswalpha
_wtol
iswxdigit
gmtime
feof
certcli
ord217
ord225
ord223
ord254
ord207
ord206
ord213
CACloseCertType
CAFreeCertTypeProperty
CAGetCertTypeProperty
CAFindCertTypeByName
CAFreeCertTypeExtensions
CAGetCertTypeExtensions
CAGetCertTypeExpiration
CAGetCertTypeKeySpec
CAGetCertTypePropertyEx
CAGetCertTypeFlagsEx
CAUpdateCA
ord242
ord211
ord208
ord252
ord255
ord253
ord205
ord203
ord215
ord260
ord247
ord210
CACreateNewCA
CASetCAProperty
CASetCAFlags
CASetCACertificate
CASetCASecurity
ord246
CAEnumFirstCA
CACountCAs
CAGetCACertificate
CAGetCAExpiration
CACountCertTypes
ord218
ord256
ord258
CAAccessCheck
CAFindByCertType
CAFindByName
CAGetCAProperty
CAFreeCAProperty
CAEnumNextCA
CACloseCA
CAEnumCertTypesForCA
CAEnumCertTypes
CACertTypeAccessCheck
CAEnumNextCertType
comctl32
InitCommonControlsEx
cryptui
CryptUIDlgFreeCAContext
CryptUIDlgViewCRLW
CryptUIDlgViewCertificateW
gdi32
GetStockObject
netapi32
NetUserGetGroups
DsGetDcNameW
NetApiBufferFree
ntdll
RtlFindMessage
RtlTimeToSecondsSince1970
NtQuerySystemTime
RtlUnwind
ntdsapi
DsGetDomainControllerInfoW
DsBindW
DsFreeDomainControllerInfoW
DsCrackNamesW
DsUnBindW
DsFreeNameResultW
setupapi
SetupFindNextLine
SetupGetFieldCount
SetupGetStringFieldW
SetupFindFirstLineW
SetupOpenInfFileW
SetupCloseInfFile
SetupGetIntField
SetupGetLineCountW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
wldap32
ord147
ord167
ord142
ord79
ord140
ord224
ord127
ord41
ord27
ord26
ord36
ord210
ord208
ord73
ord14
ord145
ord13
ord113
ord203
ord155
ord16
ord18
ord12
ord65
crypt32
CertAddCTLContextToStore
CertAddCRLContextToStore
CryptImportPublicKeyInfo
CertEnumSystemStoreLocation
CertEnumSystemStore
CertEnumPhysicalStore
CertControlStore
CertDeleteCRLFromStore
CertDuplicateCRLContext
CertSetCTLContextProperty
CertSetCRLContextProperty
CertEnumCertificateContextProperties
CertEnumCRLContextProperties
CertGetCRLContextProperty
CertEnumCTLContextProperties
CertGetCTLContextProperty
CertSetStoreProperty
CryptExportPublicKeyInfo
CertEnumCTLsInStore
CertDeleteCertificateFromStore
CertGetNameStringW
CertSaveStore
CertGetCertificateChain
CertFreeCertificateChain
CertCreateCTLContext
CertFreeCTLContext
CertDuplicateCertificateContext
CryptVerifyCertificateSignature
CertAddCertificateContextToStore
PFXIsPFXBlob
CryptMsgGetParam
CryptMsgGetAndVerifySigner
CryptMsgControl
CertGetPublicKeyLength
CryptFormatObject
CryptFindCertificateKeyProvInfo
CryptAcquireCertificatePrivateKey
CertAddEncodedCertificateToStore
CertEnumCertificatesInStore
CertCompareCertificateName
CryptEnumOIDInfo
CryptDecodeObject
CertCreateCRLContext
CertEnumCRLsInStore
CertFreeCRLContext
CertFindCertificateInStore
CertSetCertificateContextProperty
CertOpenStore
CertCreateCertificateContext
CryptMsgClose
CertCloseStore
CertGetCertificateContextProperty
CryptFindOIDInfo
CryptEncodeObjectEx
CertFreeCertificateContext
CertComparePublicKeyInfo
CertVerifyRevocation
CertVerifyTimeValidity
CertVerifyCRLTimeValidity
CryptHashCertificate
CertFindExtension
CertGetEnhancedKeyUsage
CryptVerifyCertificateSignatureEx
CertVerifySubjectCertificateContext
CryptSignAndEncodeCertificate
CryptSignMessage
CryptHashPublicKeyInfo
CryptDecryptMessage
PFXImportCertStore
CertStrToNameW
CertNameToStrW
CryptEncryptMessage
CertVerifyCertificateChainPolicy
CertGetIntendedKeyUsage
CryptFreeOIDFunctionAddress
CryptGetOIDFunctionAddress
CryptInitOIDFunctionSet
CertAddCertificateLinkToStore
PFXExportCertStore
PFXExportCertStoreEx
CryptMsgUpdate
CryptMsgOpenToDecode
CryptSignCertificate
CryptDecodeObjectEx
ole32
CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
StringFromCLSID
ProgIDFromCLSID
CLSIDFromString
CLSIDFromProgID
CoCreateInstanceEx
CoSetProxyBlanket
CoTaskMemAlloc
oleaut32
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopyInd
SetErrorInfo
CreateErrorInfo
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
rpcrt4
NdrClientCall2
UuidCreate
secur32
GetComputerObjectNameW
TranslateNameW
GetUserNameExW
user32
IsDlgButtonChecked
ShowWindow
GetWindowLongW
CallWindowProcW
LoadStringW
SetFocus
GetWindowTextW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
UpdateWindow
CreateWindowExW
RegisterClassW
LoadCursorW
LoadIconW
SendMessageW
MessageBoxW
EnableWindow
GetDlgItem
SetDlgItemTextW
SetCursor
SetDlgItemInt
CheckDlgButton
SendDlgItemMessageA
EndDialog
GetDlgItemInt
GetDlgItemTextW
SetWindowTextW
DialogBoxParamW
SetWindowLongW
Sections
.text Size: 713KB - Virtual size: 713KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (code section mapped writable as well as executable — W^X is not honored for this region even though NX_COMPAT is set in the headers; typical of packed or self-modifying images and worth flagging in any memory-protection review)
.data Size: 25KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UPX0 Size: 144KB - Virtual size: 380KB (virtual size far exceeds raw size, i.e. the region is expanded at load time; in a standard UPX image UPX0 has zero raw size and is paired with a UPX1 section, neither of which matches this layout — so the packer identification should be confirmed manually)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (a second writable+executable region)