d52bcc86127ea7203749328ac64703b456ce1d998185929fd421bab49e82c837

Sharing

Copy URL Twitter E-mail

General

Target

d52bcc86127ea7203749328ac64703b456ce1d998185929fd421bab49e82c837
Size

3.0MB
MD5

9661c559092d2a8f38d30348835ae7ad
SHA1

2a4cd31f3476439d825dfd02e63ebd7188f0e28d
SHA256

d52bcc86127ea7203749328ac64703b456ce1d998185929fd421bab49e82c837
SHA512

7cd534aa1fa2f933d9c971a4eabd78eecf1412fd9f869577d033366b4b23e29941bd8f4c47b5a2d0b2c023502efeb03fdd13b8034d15537eb3f36b96f513ec7a
SSDEEP

49152:JZzNFlVoC9ieYXmy3qLHjvFcy7FpetgiZFrnNYX6d1Nm0uWNrbHHwc0:XNFl8eu/+Jcy7ze+gYq4WR7/

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

d52bcc86127ea7203749328ac64703b456ce1d998185929fd421bab49e82c837
.exe windows x86

21570d429c3232953d0ee2c3a25755fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetPriorityClass
GetCurrentProcess
ResumeThread
GetCurrentThreadId
CreateEventA
SetEvent
GetExitCodeThread
GetStartupInfoA
ExitProcess
GetCommandLineA
InitializeCriticalSection
DeleteCriticalSection
DebugBreak
LocalFree
GetProcessHeap
HeapReAlloc
HeapFree
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
WaitForMultipleObjects
GetFileAttributesA
GetDriveTypeA
lstrcpynA
ReadFile
GetFileSize
GetLastError
CallNamedPipeA
GetUserDefaultLangID
GetTempPathA
EnumResourceNamesA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcmpiA
lstrlenW
SetFileAttributesA
GetModuleHandleA
SetLastError
GetWindowsDirectoryA
GetShortPathNameA
CreateFileA
WriteFile
CloseHandle
DeleteFileA
MoveFileA
GetModuleFileNameA
lstrcpyA
GetTickCount
CopyFileA
LoadLibraryA
GetProcAddress
WideCharToMultiByte
FreeLibrary
lstrlenA
HeapAlloc
lstrcatA

user32

CharNextA
GetKeyboardType
PeekMessageA
MsgWaitForMultipleObjects
wvsprintfA
SetWindowTextA
GetDC
ReleaseDC
GetSysColor
LoadStringA
GetClientRect
KillTimer
LoadCursorA
SetCursor
SetWindowLongA
GetWindowTextA
PostMessageA
SetTimer
InvalidateRect
UpdateWindow
RedrawWindow
GetDlgItem
EnableWindow
SetForegroundWindow
SendMessageA
SendDlgItemMessageA
GetWindowRect
SetWindowPos
LoadImageA
PostQuitMessage
DefWindowProcA
RegisterClassExA
CreateWindowExA
GetMessageA
BeginDeferWindowPos
ScreenToClient
DeferWindowPos
EndDeferWindowPos
EndDialog
GetSystemMetrics
TranslateMessage
DispatchMessageA
wsprintfA
MapWindowPoints

gdi32

GetDeviceCaps
SelectObject
CreateHalftonePalette
DeleteObject
UpdateColors
SetTextColor
CreateFontIndirectA
CreateCompatibleDC
DeleteDC
SelectPalette
RealizePalette
BitBlt
GetObjectA

advapi32

RegFlushKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
StrRChrA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
VariantInit
VariantClear

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

21570d429c3232953d0ee2c3a25755fc

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

UPX0
Size: 144KB - Virtual size: 380KB