ca37b4d12e73ce17e24d70aacfacd20725d3115b6b2592d7e3208d43afb6d1e1

Sharing

Copy URL

Twitter E-mail

General

Target

ca37b4d12e73ce17e24d70aacfacd20725d3115b6b2592d7e3208d43afb6d1e1
Size

801KB
MD5

0b6a6fe83d9da475b1c2abf5e6f22816
SHA1

166eefe59af065aabc96459373a55ca101670561
SHA256

ca37b4d12e73ce17e24d70aacfacd20725d3115b6b2592d7e3208d43afb6d1e1
SHA512

b447bd52620fe0c20e8940c20e883fed2d34c98c43479515d5407296ead6a1cc1c197d7acabc2d6f8414a7f3a0f285e824961f804f44abc51bab66eb87d0bffc
SSDEEP

12288:ZpdR624Zui4JtMMegi9Z7o3f04dDucRi9Z7o3f04dDucmdPXc5wzYoZRXMnM7a:ZZAZui4JtMq4k384x14k384xKzYI

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

ca37b4d12e73ce17e24d70aacfacd20725d3115b6b2592d7e3208d43afb6d1e1
.exe windows x86

e3465d2c286bd5fc58572d826e97f395

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
TraceEvent
RegSetValueExW

kernel32

CompareStringW
GetTickCount
HeapFree
HeapAlloc
GetModuleHandleExW
HeapSetInformation
CreateMutexW
GetLastError
CloseHandle
SetProcessShutdownParameters
RegisterApplicationRestart
ReleaseMutex
GlobalAddAtomW
GlobalDeleteAtom
GetModuleHandleW
GetCurrentProcess
IsProcessInJob
GetCurrentThreadId
DebugBreak
InitializeCriticalSectionAndSpinCount
VirtualQueryEx
GetModuleFileNameA
LocalAlloc
LocalFree
OutputDebugStringA
CreateThread
FreeLibraryAndExitThread
FindResourceW
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
GlobalFree
GetSystemDirectoryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
TlsGetValue
SizeofResource
LockResource
LoadResource
FindResourceExW
AddAtomW
DeleteAtom
HeapReAlloc
MulDiv
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetAtomNameW
MultiByteToWideChar
FindAtomW
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryExW
GetVersion
FreeLibrary
LoadLibraryW
InterlockedIncrement
TlsSetValue
InterlockedDecrement
HeapDestroy
TlsFree
TlsAlloc
GetProcessHeap
HeapCreate
SetProcessWorkingSetSize
GetLocaleInfoW
GetUserDefaultUILanguage
GetThreadUILanguage
IsProcessorFeaturePresent
GetThreadLocale

user32

MapWindowPoints
GetGUIThreadInfo
GetSystemMetrics
InvalidateRect
GetForegroundWindow
SendInput
PostQuitMessage
SystemParametersInfoW
CloseDesktop
GetUserObjectInformationW
GetThreadDesktop
ShowWindow
CallWindowProcW
LoadStringW
SetWindowPos
SetWindowLongW
GetWindowLongW
EnableMenuItem
SetMenu
LoadMenuW
GetMenuBarInfo
SetLayeredWindowAttributes
SetPropW
UpdateWindow
RegisterClassExW
DefWindowProcW
LoadCursorW
SetCursor
GetMessagePos
PtInRect
SendMessageW
RemovePropW
SetWindowPlacement
UnhookWinEvent
SetWinEventHook
SetProcessDPIAware
GetClassNameW
CreateWindowExW
IsWindow
EqualRect
AdjustWindowRectEx
GetClientRect
GetParent
GetIconInfo
LoadImageW
DestroyIcon
ReleaseDC
GetDC
CreateIconIndirect
EnableWindow
PostMessageW
SetFocus
GetClassInfoExW
RegisterWindowMessageW
GetSysColorBrush
GetSysColor
CharUpperW
ClientToScreen
EnumChildWindows
ScreenToClient
IsCharAlphaNumericW
DrawFrameControl
InflateRect
FillRect
IsRectEmpty
DrawTextW
GetKeyNameTextW
MapVirtualKeyW
DrawFocusRect
IntersectRect
DrawIconEx
CopyRect
SetScrollInfo
GetPropW
NotifyWinEvent
SetParent
IsChild
GetFocus
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetWindowRgn
GetWindowRgnBox
CharUpperA
GetKeyState
SetRect
SetRectEmpty
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
OffsetRect
FindWindowW
SetForegroundWindow
KillTimer
DispatchMessageW
LoadIconW
TranslateAcceleratorW
TranslateMessage
GetPhysicalCursorPos
LoadAcceleratorsW
SetTimer
SendMessageTimeoutW
DestroyWindow
GetMessageW

msvcrt

_wcsdup
memcpy
_ftol2
_wcsnicmp
free
_vsnprintf
iswalpha
iswalnum
_isnan
qsort
memmove
realloc
wcstol
wcschr
_vsnwprintf
memset
_wcsicmp
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
_ftol2_sse
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp

ole32

CoUninitialize
CoInitialize
CoInitializeEx
CreateStreamOnHGlobal
CLSIDFromString
CoDisconnectObject
CoCreateInstance

oleacc

LresultFromObject
CreateStdAccessibleObject
GetRoleTextW
ObjectFromLresult
AccessibleObjectFromWindow
AccessibleObjectFromEvent

comctl32

ord17

oleaut32

SysAllocString
SafeArrayGetDim
SafeArrayGetVartype
VariantInit
SysFreeString
SysStringLen
SysAllocStringLen
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreateVector

shell32

SHAppBarMessage
ShellAboutW

duser

ForwardGadgetMessage
MapGadgetPoints
GetGadgetTicket
SetGadgetBufferInfo
FindStdColor
UtilDrawBlendRect
SetGadgetRootInfo
LookupGadgetTicket
FindGadgetFromPoint
DUserFlushMessages
DUserFlushDeferredMessages
InitGadgets
GetStdColorI
GetGadgetRgn
CreateGadget
SetGadgetFocusEx
BuildInterpolation
BuildAnimation
GetGadgetSize
DeleteHandle
GetGadgetAnimation
GetGadgetFocus
SetGadgetFocus
GetGadgetRect
DUserPostEvent
DUserSendEvent
SetGadgetMessageFilter
SetGadgetParent
SetGadgetRect
InvalidateGadget
CreateAction
DetachWndProc
SetGadgetStyle
AttachWndProcW
GetStdColorBrushI

dwmapi

DwmIsCompositionEnabled
DwmSetWindowAttribute

magnification

MagSetWindowTransform
MagSetWindowSource
MagInitialize
MagUninitialize

gdi32

GetBrushOrgEx
DeleteDC
GetPixel
SelectObject
CreateCompatibleDC
GetObjectW
StretchBlt
CreateCompatibleBitmap
CreateDIBSection
DeleteEnhMetaFile
GetDeviceCaps
SetBrushOrgEx
SetStretchBltMode
RealizePalette
SelectPalette
CreateHalftonePalette
GetDIBits
GdiGetCharDimensions
GetTextMetricsW
LPtoDP
StretchDIBits
CreateDIBPatternBrushPt
GetBkColor
SetLayout
CreateFontIndirectW
CreateRectRgn
OffsetRgn
GetRgnBox
RectVisible
GetRegionData
ExtCreateRegion
CombineRgn
GetBkMode
OffsetWindowOrgEx
SetWindowOrgEx
CreateSolidBrush
CreatePatternBrush
GetTextExtentPoint32W
PlayEnhMetaFile
BitBlt
ExtTextOutW
GetTextColor
GetLayout
GetTextAlign
SetTextAlign
SetTextColor
SetBkColor
SetBkMode
GdiTransparentBlt
GdiGradientFill
GdiAlphaBlend
PatBlt
GetStockObject
DeleteObject

uxtheme

IsAppThemed
GetThemeAppProperties
GetThemeMargins
GetThemeFont
GetThemeColor
GetThemeMetric
GetThemePartSize
ord47
DrawThemeTextEx
BeginBufferedPaint
GetBufferedPaintBits
BufferedPaintClear
EndBufferedPaint
BufferedPaintUnInit
CloseThemeData
OpenThemeData
BufferedPaintInit

shlwapi

PathAppendW
PathCreateFromUrlW

Sections

.text
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 48KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e3465d2c286bd5fc58572d826e97f395

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleacc

comctl32

oleaut32

shell32

duser

dwmapi

magnification

gdi32

uxtheme

shlwapi

Sections

.text Size: 322KB - Virtual size: 321KB

.data Size: 48KB - Virtual size: 50KB

.rsrc Size: 294KB - Virtual size: 293KB

.reloc Size: 28KB - Virtual size: 27KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 322KB - Virtual size: 321KB

.data
Size: 48KB - Virtual size: 50KB

.rsrc
Size: 294KB - Virtual size: 293KB

.reloc
Size: 28KB - Virtual size: 27KB

.UPX0
Size: 108KB - Virtual size: 260KB