5cff20886fdff1c9a3432ecff31ddf9d42aad5e4d8c07b3ef14c2fd4a0a409b6

Sharing

Copy URL Twitter E-mail

General

Target

5cff20886fdff1c9a3432ecff31ddf9d42aad5e4d8c07b3ef14c2fd4a0a409b6
Size

456KB
MD5

19aa45bc62d6782e6bfc58fb127b481d
SHA1

171559ba1aa33a4e8dda032b89333902829c2c32
SHA256

5cff20886fdff1c9a3432ecff31ddf9d42aad5e4d8c07b3ef14c2fd4a0a409b6
SHA512

be1f8d9b21ca0ae72c295f661bd34cad63e159bb1c6026739bf9bf41f155b90607f5d7ae31bec826f3163b75819288ceacc9b819a3a18803ab42c39dfd9281f1
SSDEEP

6144:81mHCQrXYHq1KZe75Q9QbpkirLauxyxPS5djYQuuMVCCk5mf3sA9WFIupAQ82kr1:qsjLrMWpPbaZKoP1P

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

5cff20886fdff1c9a3432ecff31ddf9d42aad5e4d8c07b3ef14c2fd4a0a409b6
.exe windows x86

6558a1fdaedcababcd010bad6b6e3953

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
FreeLibrary
GetPrivateProfileStringA
SetEnvironmentVariableA
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
LocalAlloc
GetCurrentThreadId
MultiByteToWideChar
DeviceIoControl
CreateFileA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
TerminateProcess
MoveFileExA
GetCurrentProcessId
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
CopyFileA
Sleep
FindFirstFileA
SetLastError
FindNextFileA
FindClose
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
WinExec
OpenFile
_lclose
GetVersionExA
SetFileAttributesA
DeleteFileA
GetFullPathNameA
SetCurrentDirectoryA
GetLastError
FormatMessageA
LocalFree
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentDirectoryA
GetUserDefaultLangID
GetModuleFileNameA
GetComputerNameA
OpenProcess
GetStartupInfoA

user32

GetWindowThreadProcessId
DialogBoxParamA
EnumWindows
GetParent
CopyRect
OffsetRect
SetWindowPos
LoadStringA
MessageBoxA
LoadBitmapA
UpdateWindow
ShowWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowRect
GetClientRect
SendMessageA
CreateWindowExA
GetDesktopWindow
LoadImageA
ExitWindowsEx
GetWindowInfo
GetSystemMetrics
CheckDlgButton
SetDlgItemTextA
GetDlgItem
EnableWindow
EndDialog
IsDlgButtonChecked

advapi32

SetSecurityDescriptorOwner
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
FreeSid
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenThreadToken
ImpersonateSelf
CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeleteService
QueryServiceStatus
ControlService
RegEnumValueA
AdjustTokenPrivileges

shell32

SHGetFolderPathA
SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiGetDriverInfoDetailA
SetupDiEnumDriverInfoA
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsA
SetupDiGetDeviceInstanceIdA
SetupDiClassGuidsFromNameA
SetupDiGetINFClassA
SetupDiRegisterDeviceInfo
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupDiSetSelectedDevice
SetupDiCallClassInstaller
SetupDiRemoveDevice
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList

comctl32

ord17

shlwapi

PathAppendA
PathIsDirectoryA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
printf
_mbstok
_itoa
_except_handler3
strtoul
_mbscmp
_mbsnbcmp
_mbsnbicmp
_strdup
free
_strlwr
__CxxFrameHandler
atoi
fopen
fclose
vsprintf
fgetc
_mbsnbcpy
sscanf
fprintf
_mbsstr
toupper
_mbsrchr
??2@YAPAXI@Z
getenv
sprintf
_mbsicmp
??3@YAXPAX@Z
_mbschr
_mbscspn
exit

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6558a1fdaedcababcd010bad6b6e3953

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

version

setupapi

comctl32

shlwapi

msvcrt

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 288KB - Virtual size: 285KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 288KB - Virtual size: 285KB

.UPX0
Size: 108KB - Virtual size: 260KB