c9edd8a2eb8de8901d4bb3bb8e909bff12edf45322314d7615eda745691400ee

Sharing

Copy URL Twitter E-mail

General

Target

c9edd8a2eb8de8901d4bb3bb8e909bff12edf45322314d7615eda745691400ee
Size

218KB
MD5

84d921df7f54f442b93f12830175e13d
SHA1

610d09b78e0de4837dcb79e277c6c84e98dc9129
SHA256

c9edd8a2eb8de8901d4bb3bb8e909bff12edf45322314d7615eda745691400ee
SHA512

54fd19cd4ae47b71e3113c7803f5a323fa3c48ef13e3b42fa8e055af883ee2557ba5fbe2eac77f4e8ca381dc40e0b9a28973940863ca34dbbb46563d55fd4f8a
SSDEEP

6144:0RDwFbKdrS7vzqC438D90NAId5AaJYeUZDg1:mDwF2t385PCJYQ1

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

c9edd8a2eb8de8901d4bb3bb8e909bff12edf45322314d7615eda745691400ee
.exe windows x86

896448cf80cb97d5e3b70da818ed0531

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegConnectRegistryW

kernel32

WriteConsoleW
SetConsoleCursorPosition
GetNumberFormatW
GetLocaleInfoW
GetConsoleScreenBufferInfo
GetLastError
InterlockedDecrement
GetStdHandle
InterlockedIncrement
LocalAlloc
lstrlenW
FormatMessageW
GetModuleFileNameW
GetComputerNameExW
FileTimeToSystemTime
ExitProcess
GetConsoleOutputCP
SetConsoleMode
GetDateFormatW
ReadConsoleW
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetUserDefaultLCID
GetFileType
GetConsoleMode
VerSetConditionMask
VerifyVersionInfoW
SetThreadUILanguage
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
LocalFree
GetTimeFormatW
SetLastError
ReadFile
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedExchange

msvcrt

_exit
fprintf
fflush
wcstol
wcstoul
wcstod
_vsnwprintf
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
wcstok
_cexit
__wgetmainargs
_CxxThrowException
memcpy
_wcsicmp
_ftol2
_wtoi64
_ui64tow
??2@YAPAXI@Z
__iob_func
??3@YAXPAX@Z
memset
__CxxFrameHandler3
_memicmp
_get_osfhandle
_errno
_fileno

user32

LoadStringW
wsprintfW
CharUpperW

mpr

WNetCancelConnection2W
WNetGetLastErrorW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantCopy
VariantClear
VariantChangeType
SysAllocStringByteLen
SafeArrayGetElement
VariantInit
SafeArrayGetLBound
SysStringLen
SysAllocString
SafeArrayGetUBound
SysFreeString

framedynos

??H@YG?AVCHString@@PBGABV0@@Z
??0CHString@@QAE@PBG@Z
??YCHString@@QAEABV0@ABV0@@Z
?Format@CHString@@QAAXPBGZZ
?Mid@CHString@@QBE?AV1@HH@Z
?GetBuffer@CHString@@QAEPAGH@Z
?ReleaseBuffer@CHString@@QAEXH@Z
??0CHString@@QAE@XZ
??1CHString@@QAE@XZ
?Right@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@ABV0@@Z
?Empty@CHString@@QAEXXZ
?Compare@CHString@@QBEHPBG@Z
?Mid@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
??4CHString@@QAEABV0@PBG@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?GetBufferSetLength@CHString@@QAEPAGH@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Left@CHString@@QBE?AV1@H@Z

secur32

GetUserNameExW

ws2_32

WSAStartup
WSAGetLastError
GetAddrInfoW
WSACleanup
FreeAddrInfoW
GetNameInfoW

shlwapi

StrStrIW
StrStrW
StrChrIW
StrChrW
ord487

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

896448cf80cb97d5e3b70da818ed0531

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

mpr

ole32

oleaut32

framedynos

secur32

ws2_32

shlwapi

version

Sections

.text Size: 66KB - Virtual size: 66KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 66KB - Virtual size: 66KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: 144KB - Virtual size: 380KB