1b0b714d9141c725d3abdb9f533792c091bae7a11698a0e2d3f41712b613f39d

Sharing

Copy URL Twitter E-mail

General

Target

1b0b714d9141c725d3abdb9f533792c091bae7a11698a0e2d3f41712b613f39d
Size

758KB
MD5

439a4cc3df0d0ec52bfd595767ab7f31
SHA1

f795d23838f617327140c13b2b92239f1a3429c2
SHA256

1b0b714d9141c725d3abdb9f533792c091bae7a11698a0e2d3f41712b613f39d
SHA512

f7ea538ff4b7da4602877d9f4d59bdff9ce946ad4a739325eae2a1d471f602cdcc022d20abc1f9f0d1710dd70b054af086e045a28b2f3cf7352bb39dc78cf892
SSDEEP

12288:d7bKcBK3iiLV6VyELSXOthTrmSJ4Vln7sDYK5/7+XSbOYo:d7+cBK3iisZuXQTrvJ4jn7sDYK5aXsro

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

1b0b714d9141c725d3abdb9f533792c091bae7a11698a0e2d3f41712b613f39d
.exe windows x86

91d7d324ddf0897c27c0d12804159d79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeA
SetEnvironmentVariableA
CompareStringW
CreateFileA
CompareStringA
GetLastError
WriteConsoleW
GetSystemDefaultLangID
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
GetCurrentProcess
GetModuleHandleW
GetCurrentThread
WriteFile
LoadLibraryW
FormatMessageW
IsBadWritePtr
GetModuleFileNameW
CreateFileW
GetProcAddress
GetLocalTime
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
CreateDirectoryW
SetLastError
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
GetTempPathW
InterlockedIncrement
InterlockedCompareExchange
WideCharToMultiByte
MultiByteToWideChar
CreateProcessW
MoveFileExW
WaitForSingleObject
CopyFileW
GetExitCodeProcess
FileTimeToSystemTime
GetFileTime
DeleteFileW
SetFileAttributesW
CreateEventW
WaitForMultipleObjects
DuplicateHandle
LocalFree
FindFirstFileW
FindClose
LocalAlloc
FindNextFileW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
RemoveDirectoryW
CreateMutexW
OpenMutexW
ReleaseMutex
GetFileSize
Sleep
ReadFile
FlushFileBuffers
DeleteFileA
HeapFree
HeapAlloc
GetTimeZoneInformation
HeapReAlloc
GetSystemTimeAsFileTime
GetStartupInfoW
FileTimeToLocalFileTime
GetDriveTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
GetModuleHandleA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
FreeLibrary
LoadLibraryA
GetConsoleCP
GetConsoleMode

user32

GetWindowRect
GetWindowDC
DrawTextW
SetForegroundWindow
GetFocus
DialogBoxParamW
GetParent
TrackMouseEvent
IsWindowEnabled
GetClientRect
DestroyWindow
GetDC
GetForegroundWindow
InvalidateRect
GetWindowLongW
GetWindowTextW
ReleaseDC
ScrollWindow
SetWindowLongW
EndDialog
SetWindowPos
CheckDlgButton
IsDlgButtonChecked
CreateWindowExW
MessageBoxW
SendMessageW
CallWindowProcW
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
wvsprintfW
EndPaint
BeginPaint

gdi32

SetTextColor
GetObjectW
GetTextExtentPoint32W
CreateSolidBrush
GetStockObject
CreatePen
Rectangle
SelectObject
DeleteObject
SetBkMode
CreateFontIndirectW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

InitCommonControlsEx

msimg32

GradientFill

advapi32

RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
GetSidLengthRequired
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW

shell32

ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW

Sections

.text
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 239KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

91d7d324ddf0897c27c0d12804159d79

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

version

comctl32

msimg32

advapi32

shell32

Sections

.text Size: 395KB - Virtual size: 395KB

.rdata Size: 97KB - Virtual size: 96KB

.data Size: 15KB - Virtual size: 35KB

.rsrc Size: 11KB - Virtual size: 10KB

.UPX Size: 239KB - Virtual size: 240KB

.text
Size: 395KB - Virtual size: 395KB

.rdata
Size: 97KB - Virtual size: 96KB

.data
Size: 15KB - Virtual size: 35KB

.rsrc
Size: 11KB - Virtual size: 10KB

.UPX
Size: 239KB - Virtual size: 240KB