6e46f72803b526a2d1a59de56ce84428718d7a1a927e67d2aac8bc5bc915c5fa

Sharing

Copy URL Twitter E-mail

General

Target

6e46f72803b526a2d1a59de56ce84428718d7a1a927e67d2aac8bc5bc915c5fa
Size

358KB
MD5

4f3c82dd49b3f2ba3b0cb108d7ac5bdb
SHA1

86ff492b761f0c22307e6acd22f8848df0662081
SHA256

6e46f72803b526a2d1a59de56ce84428718d7a1a927e67d2aac8bc5bc915c5fa
SHA512

c285f552a2bacaa14d4a3da1e71f1829c1505027e3e08ef2da82c4fc6146c24081275da5b773c67e35f768d157029557e354aa63be3b723818c6db7432654f1e
SSDEEP

6144:b5XBhGOsKSyVGA35drk7zDHKNFj2oKznLL9baIodb/VRwv:5GOsKJP355aV9uV7wv

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

6e46f72803b526a2d1a59de56ce84428718d7a1a927e67d2aac8bc5bc915c5fa
.exe windows x86

0a4bbb578b87b171722d5ea94efb852f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_c_exit
_except_handler3
_exit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_controlfp
_XcptFilter
_purecall

advapi32

RegDeleteKeyW
LsaClose
RegSetKeySecurity
SetFileSecurityW
IsValidSecurityDescriptor
InitializeAcl
InitializeSecurityDescriptor
MakeSelfRelativeSD
MapGenericMask
GetSecurityDescriptorLength
RegGetKeySecurity
GetFileSecurityW
AddAccessAllowedAceEx
IsWellKnownSid
FindFirstFreeAce
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
LookupAccountSidW
CreateWellKnownSid
RegEnumValueW
RegQueryValueW
RegDeleteValueW
GetUserNameW
LsaStorePrivateData
LsaOpenPolicy
RevertToSelf
ImpersonateSelf
OpenThreadToken
AreAllAccessesGranted
AccessCheck
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetSecurityDescriptorGroup
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl

kernel32

DeleteFileW
GetWindowsDirectoryW
FreeLibrary
LoadLibraryW
MulDiv
CloseHandle
CreateFileW
LocalAlloc
ExpandEnvironmentStringsW
lstrcmpW
GetTickCount
GetPrivateProfileStringW
WritePrivateProfileStringW
FindClose
FindNextFileW
FindFirstFileW
SetCurrentDirectoryW
GetSystemDirectoryW
GetCurrentDirectoryW
GetProcAddress
GetLastError
GetCurrentThread
InterlockedIncrement
InterlockedDecrement
CopyFileW
LockResource
LoadResource
SizeofResource
FindResourceW
GetSystemWindowsDirectoryW
GetModuleHandleW
WriteFile
GetModuleFileNameW
GetVersionExW
GetDllDirectoryW
CompareStringW
SetErrorMode
GetStartupInfoA
SetFileAttributesW
GetFileAttributesW
SearchPathW
GetSystemTime
GetCommandLineW
GetSystemInfo
GetNativeSystemInfo
lstrcmpiW
LocalFree
lstrcpynW
GetDriveTypeW
lstrcpyW
lstrlenW

gdi32

SetTextColor
GetDeviceCaps
GetObjectW
CreateHalftonePalette
CreatePatternBrush
SelectPalette
RealizePalette
SetStretchBltMode
SetBkMode
StretchBlt
CreateCompatibleDC
SelectObject
SetBkColor
ExtTextOutW
DeleteDC
DeleteObject
CreateCompatibleBitmap

user32

GetMessagePos
GetKeyState
EnableMenuItem
wsprintfW
DestroyIcon
CharLowerW
GetWindowTextW
GetComboBoxInfo
DrawFocusRect
DrawIcon
CreateDialogIndirectParamW
MapDialogRect
DrawEdge
GetNextDlgTabItem
PostMessageW
GetFocus
CharNextW
LoadIconW
MessageBoxW
DestroyMenu
LoadMenuW
SetMenuItemInfoW
GetMessageTime
InflateRect
SetCapture
IsWindowEnabled
TrackMouseEvent
GetSubMenu
TrackPopupMenuEx
PtInRect
GetIconInfo
ClientToScreen
SetCursorPos
ReleaseCapture
GetDoubleClickTime
SetFocus
SetWindowPos
SetTimer
KillTimer
LoadImageW
GetDlgCtrlID
SystemParametersInfoW
GetWindowTextLengthW
SetSysColors
SendNotifyMessageW
GetSysColorBrush
GetSysColor
GetSystemMetrics
BeginPaint
EndPaint
InvalidateRect
GetClientRect
GetDC
ReleaseDC
LoadCursorW
SetCursor
DialogBoxParamW
SetWindowLongW
GetWindowLongW
EndDialog
GetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
SendDlgItemMessageW
CreateWindowExW
CheckRadioButton
IsDlgButtonChecked
CheckDlgButton
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetWindowRect
MapWindowPoints
DestroyWindow
LoadStringW
SetDlgItemTextW
SetWindowTextW
ShowWindow
EnableWindow
GetParent
SendMessageW
GetDlgItem

ntdll

RtlInitUnicodeString
RtlRunDecodeUnicodeString
RtlRunEncodeUnicodeString

comctl32

PropertySheetW
ord413
ord412
ImageList_ReplaceIcon
ord410
ImageList_LoadImageW
ord17
ImageList_Draw
ImageList_Destroy
ImageList_Create
ImageList_SetOverlayImage

shell32

SHGetFileInfoW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ExtractIconW
SHGetFolderPathW
SHGetFolderPathAndSubDirW
SHGetDesktopFolder
ShellExecuteW
ExtractIconExW
SHGetSpecialFolderPathW
FindExecutableW
ord232

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

shlwapi

SHGetValueW
SHDeleteKeyW
PathCombineW
SHStrDupW
SHSetValueW
wnsprintfW
StrCmpNIW
StrDupW
StrCmpNW
SHDeleteValueW
StrToIntW
PathGetArgsW
PathParseIconLocationW
SHAutoComplete
PathUnquoteSpacesW
PathRemoveArgsW
PathQuoteSpacesW
PathFileExistsW
PathAppendW
SHRegGetPathW
SHRegSetPathW
PathFindFileNameW
SHRegGetBoolUSValueW
StrCatBuffW
AssocQueryStringW
PathRemoveFileSpecW
ord487
SHQueryValueExW
StrRetToStrW
StrChrW
ord295
StrStrIW
PathFindExtensionW
wvnsprintfW
SHCreateStreamOnFileW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID

oleaut32

VariantClear
VariantChangeType
SysAllocString

oleacc

CreateStdAccessibleObject
GetRoleTextW
LresultFromObject

uxtheme

EnableThemeDialogTexture
DrawThemeParentBackground

msi

ord173
ord111
ord217

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetUserModalsGet
NetUserGetLocalGroups
NetQueryDisplayInformation
NetGetJoinInformation

aclui

ord1

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0a4bbb578b87b171722d5ea94efb852f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

ntdll

comctl32

shell32

comdlg32

shlwapi

ole32

oleaut32

oleacc

uxtheme

msi

version

netapi32

aclui

Sections

.text Size: 93KB - Virtual size: 92KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 159KB - Virtual size: 160KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 93KB - Virtual size: 92KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 159KB - Virtual size: 160KB

.UPX0
Size: 104KB - Virtual size: 252KB