af2cd3ed733fcaefff571c4c06bcc09f1c7776a510d8e4afc394f9813f76553e

Sharing

Copy URL Twitter E-mail

General

Target

af2cd3ed733fcaefff571c4c06bcc09f1c7776a510d8e4afc394f9813f76553e
Size

112KB
MD5

8138367bf25c9a81deb6fa6d9c7a1460
SHA1

9b64ba121b62aeabbbb99126e7e33e40d8902978
SHA256

af2cd3ed733fcaefff571c4c06bcc09f1c7776a510d8e4afc394f9813f76553e
SHA512

e8c21727d2c51d821cf28e2033eb8e00f4a5335bf5f7112e2d21a8f5eca3bceafd3cfbf0dc5a778439b1626787b4d54cd2c8228d728d63d5cff37ac18fc6c305
SSDEEP

1536:2ieROxzvOY0qmiS4pN9WmCNWddIccv1n1ungOzp+edWTgLrppXmZH:DeROxzp0qminsNWdqcM1ngngwUYv0H

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

af2cd3ed733fcaefff571c4c06bcc09f1c7776a510d8e4afc394f9813f76553e
.exe windows x86

f2189d2381b8184185d882a212bbe126

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
lstrcmpiW
GetComputerNameW
GetPrivateProfileIntW
lstrcpyW
WaitForMultipleObjects
GetPrivateProfileStringW
lstrlenW
lstrcatW
GetCurrentDirectoryW
lstrcpynW
GetModuleFileNameW
GetModuleHandleW
CopyFileW
HeapFree
MultiByteToWideChar
HeapAlloc
GetProcessHeap
lstrlenA
CreateEventW
OpenEventW
FindResourceW
WinExec
GetCommandLineW
CreateThread
PulseEvent
TerminateThread
TerminateProcess
GetFileSize
FlushFileBuffers
CreateProcessW
GetExitCodeProcess
SuspendThread
ResumeThread
CreateFileW
WriteFile
WideCharToMultiByte
SetFilePointer
ReadFile
GetLastError
ResetEvent
WaitForSingleObject
CloseHandle
Sleep
DeleteFileW
LoadResource
LockResource
LoadLibraryW
FreeLibrary

user32

LoadStringW
WaitForInputIdle
wsprintfA
wsprintfW
MessageBoxW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA

shell32

CommandLineToArgvW

cnvrem

?CloseFile@ConvertRemote@@QAEKKPAH@Z
?WaitForEvent@ConvertRemote@@QAEKPAGPAK@Z
?WaitForInputIdle@ConvertRemote@@QAEKKKPAK@Z
?ResumeThread@ConvertRemote@@QAEKKPAK@Z
?SuspendThread@ConvertRemote@@QAEKKPAK@Z
?GetExitCodeProcess@ConvertRemote@@QAEKKPAK@Z
?CreateProcessW@ConvertRemote@@QAEKPAGPAU_PROCESS_INFORMATION@@PAU_STARTUPINFOW@@0PAK33@Z
?WaitForSingleObject@ConvertRemote@@QAEKKK@Z
?CloseHandle@ConvertRemote@@QAEKK@Z
?TerminateProcess@ConvertRemote@@QAEKKK@Z
?RegisterDLL@ConvertRemote@@QAEKPAG00PAK@Z
?Connect@ConvertRemote@@QAEKPAG@Z
?GetSQLVersion@ConvertRemote@@QAEKPAK@Z
?GetNumProcessors@ConvertRemote@@QAEKPAK@Z
?DisConnect@ConvertRemote@@QAEKXZ

msvcrt

_iob
__p___initenv
_wstrtime
_XcptFilter
_wtoi
wprintf
_wstrdate
wcscat
wcslen
wcscpy
wcsrchr
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
fflush
exit
_exit
_onexit
__dllonexit
fprintf
fwprintf
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

??0ConvertRemote@@QAE@XZ
??1ConvertRemote@@QAE@XZ
??4ConvertRemote@@QAEAAV0@ABV0@@Z
?RpcCallFailed@ConvertRemote@@QAEHXZ

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f2189d2381b8184185d882a212bbe126

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

cnvrem

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 2KB

.UPX Size: 68KB - Virtual size: 68KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.UPX
Size: 68KB - Virtual size: 68KB