0c7abd75b09949126e91d1b27b03dbe5559d6b4db91d17ce66ae7a7feff18bdc

Sharing

Copy URL Twitter E-mail

General

Target

0c7abd75b09949126e91d1b27b03dbe5559d6b4db91d17ce66ae7a7feff18bdc
Size

949KB
MD5

83979c7d57efe9fe5df07c81d01f48b0
SHA1

09e9e2129f19de1bad297e0b002f9cc1db50df42
SHA256

0c7abd75b09949126e91d1b27b03dbe5559d6b4db91d17ce66ae7a7feff18bdc
SHA512

b0855fc4b8872aed39677320c9a794bc41ddeaef9d0f6291a6a9a8d4a053fe36ec001991f270d203e88048c5805f156d5a3f82613262ac7c352946522a26e976
SSDEEP

24576:pkAaxJIbqDlQJeVWNrmCphHyUBnsqTLSeYK5aXO5:juJbxQvrBHoqT+K8XO

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

0c7abd75b09949126e91d1b27b03dbe5559d6b4db91d17ce66ae7a7feff18bdc
.exe windows x86

817b86bce8444f54e0354835ebbab080

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
DeleteCriticalSection
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
GetFileAttributesA
SetFileAttributesA
GetProcessHeap
SetEndOfFile
CreateFileW
ResetEvent
ReadFile
CreateEventA
CreateFileA
InitializeCriticalSection
WriteFile
SetEvent
InterlockedCompareExchange
WaitForSingleObject
SetFilePointer
FreeLibrary
CompareStringW
GetCurrentProcessId
WaitForMultipleObjects
GetModuleFileNameW
CreateProcessW
CompareStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
GetTimeZoneInformation
SetStdHandle
GetFullPathNameA
InitializeCriticalSectionAndSpinCount
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
SetUnhandledExceptionFilter
CloseHandle
OutputDebugStringA
GetCurrentThreadId
GetModuleFileNameA
SetConsoleCtrlHandler
GetLastError
CreateProcessA
Sleep
GetFileSize
HeapFree
HeapAlloc
GetModuleHandleW
ExitProcess
CreateDirectoryA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
ExitThread
ResumeThread
CreateThread
UnhandledExceptionFilter
FindNextFileA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
DeleteFileA

user32

GetDesktopWindow
GetProcessWindowStation
MessageBoxA
GetUserObjectInformationW

shlwapi

SHGetValueW

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventA

shell32

SHGetFolderPathA

ws2_32

recv
bind
socket
WSACreateEvent
closesocket
WSACleanup
listen
accept
gethostbyname
ntohs
getsockname
setsockopt
shutdown
WSAEventSelect
htons
WSAEnumNetworkEvents
WSAGetLastError
htonl
WSAStartup
connect
send

adbwinapi

ord21
ord2
ord4
ord10
ord15
ord6
ord16
ord22
ord11
ord1
ord25
ord8
ord7

Sections

.text
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 237KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

817b86bce8444f54e0354835ebbab080

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

advapi32

shell32

ws2_32

adbwinapi

Sections

.text Size: 526KB - Virtual size: 526KB

.rdata Size: 173KB - Virtual size: 172KB

.data Size: 10KB - Virtual size: 134KB

.rsrc Size: 1KB - Virtual size: 1KB

.UPX Size: 237KB - Virtual size: 240KB

.text
Size: 526KB - Virtual size: 526KB

.rdata
Size: 173KB - Virtual size: 172KB

.data
Size: 10KB - Virtual size: 134KB

.rsrc
Size: 1KB - Virtual size: 1KB

.UPX
Size: 237KB - Virtual size: 240KB