3637a20cb9a07b0d9a8506e05c9c26947fc3e238176a91d9204e48cac194f17d

Sharing

Copy URL Twitter E-mail

General

Target

3637a20cb9a07b0d9a8506e05c9c26947fc3e238176a91d9204e48cac194f17d
Size

1012KB
MD5

83e30019ff56a0fe819271239006865a
SHA1

53a281e797d62b3e1410f3be5e94485ba91b2297
SHA256

3637a20cb9a07b0d9a8506e05c9c26947fc3e238176a91d9204e48cac194f17d
SHA512

9559693db6b0f51df7f4d9c3ad2381d2d1b219dba807ba453654eb6934646ef1a2190589f27199cfffeb3c692671b856303102ce486008cc620d68711195ef0f
SSDEEP

24576:TBur8O68gHgrKvuYqDmGfCv5/Xq6bIK1:kTgmKvuYqe5/XX

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

3637a20cb9a07b0d9a8506e05c9c26947fc3e238176a91d9204e48cac194f17d
.exe windows x86

faaa86d9a88806b88ccaaa6c1a3ec38b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

ICOpen
ICClose
ICGetInfo

msacm32

acmFormatTagDetailsA
acmDriverEnum
acmDriverDetailsA
acmDriverClose
acmDriverOpen

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

GetDriverModuleHandle
OpenDriver
CloseDriver

kernel32

lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeResource
GlobalReAlloc
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
LocalAlloc
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetThreadLocale
GetFileTime
FlushFileBuffers
LockFile
UnlockFile
ResumeThread
GetVolumeInformationA
GetFullPathNameA
SetErrorMode
RtlUnwind
HeapFree
HeapAlloc
ExitThread
RaiseException
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
ExitProcess
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
GetStdHandle
LCMapStringA
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetModuleFileNameW
GlobalFree
MulDiv
GetCurrentThread
GetACP
GetModuleHandleA
CreateThread
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
FindFirstFileA
FindClose
SearchPathA
FormatMessageA
LocalFree
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
IsBadWritePtr
OpenProcess
IsBadCodePtr
SetLastError
GetWindowsDirectoryA
FreeLibrary
lstrcatA
WinExec
MultiByteToWideChar
CreateProcessA
GetCommandLineW
Sleep
GetUserDefaultLangID
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFilePointer
SetThreadPriority
GetLastError
GetOverlappedResult
VirtualAlloc
CreateFileW
VirtualFree
GetTickCount
GetFileAttributesA
GetVersionExA
GetCurrentProcessId
CreateEventA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
lstrlenA
GlobalAlloc
lstrcpyA
GlobalLock
GlobalUnlock
GetFileSize
ReadFile
CreateFileA
WriteFile
CloseHandle
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
SetEndOfFile

user32

IsWindowEnabled
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
GetDesktopWindow
TabbedTextOutA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
DestroyMenu
PostQuitMessage
GetWindowThreadProcessId
GetSysColorBrush
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
MapWindowPoints
TrackPopupMenu
GetScrollRange
GetScrollPos
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
RegisterClassA
GetScrollInfo
SetScrollInfo
SetWindowPlacement
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
ValidateRect
UnhookWindowsHookEx
GetMenuState
ShowWindow
SetWindowRgn
IsZoomed
RemovePropA
CallWindowProcA
IsMenu
AdjustWindowRectEx
GetMenu
GetClassNameA
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
GetWindowRgn
EqualRect
DispatchMessageA
RegisterWindowMessageA
PeekMessageA
DrawFocusRect
GetActiveWindow
UnregisterClassA
GetClassInfoA
DefWindowProcA
GetCapture
IsRectEmpty
CharUpperA
IsCharAlphaA
IsCharAlphaNumericA
SetLastErrorEx
WindowFromPoint
ClientToScreen
SetWindowLongA
LoadCursorA
CopyIcon
MessageBeep
ReleaseCapture
SetCapture
ReleaseDC
GetDC
GetWindowRect
InflateRect
PtInRect
SetCursor
DrawTextA
FillRect
GetKeyState
GetSystemMetrics
IsIconic
EnableWindow
SendMessageA
GetCursorPos
LoadBitmapA
GetClientRect
GetSysColor
InvalidateRect
HideCaret
CloseClipboard
GetMenuItemID
GetMenuItemCount
DrawIcon
TranslateAcceleratorA
MapDialogRect
GetSystemMenu
AppendMenuA
SetFocus
IsWindowVisible
GetDlgCtrlID
LoadStringA
LoadIconA
GetMessagePos
GetParent
LoadImageA
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
SendDlgItemMessageA
WinHelpA
SetPropA
GetClassLongA
OpenClipboard
SetClipboardData
EmptyClipboard
EnableMenuItem
GetSubMenu
LoadMenuA
ScreenToClient
PostMessageA
SetTimer
GetDlgItem
LoadAcceleratorsA
MessageBoxA
wsprintfA
CopyRect
GetFocus
IsWindow
GetWindowLongA
CheckMenuItem
KillTimer
GetPropA

gdi32

GetObjectA
GetTextMetricsA
PatBlt
CreatePatternBrush
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
CreateFontIndirectA
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
CreateRectRgnIndirect
GetTextExtentPoint32A
GetDIBits
CreateSolidBrush
SelectObject
Rectangle
MoveToEx
LineTo
CreateDIBSection
DeleteObject
BitBlt
CreateCompatibleDC
ScaleViewportExtEx
CreatePen
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CombineRgn
DPtoLP
OffsetRgn
SetRectRgn
CreateRectRgn
GetTextExtentExPointA
GetCharWidthA
GetWindowOrgEx

comdlg32

GetSaveFileNameA
GetOpenFileNameW
GetFileTitleA
GetOpenFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyA
RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueA
RegDeleteValueA
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegEnumKeyA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
CommandLineToArgvW
ShellExecuteW
DragQueryFileA
ShellExecuteA
SHChangeNotify
DragFinish

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
SHRegGetPathA
PathIsUNCA

ole32

CLSIDFromString
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CreateItemMoniker
GetRunningObjectTable
StringFromCLSID

oleaut32

VariantInit
VariantChangeType
OleCreatePropertyFrame
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysFreeString

Sections

.text
Size: 472KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

faaa86d9a88806b88ccaaa6c1a3ec38b

Headers

File Characteristics

Imports

msvfw32

msacm32

version

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 472KB - Virtual size: 469KB

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 32KB - Virtual size: 49KB

.rsrc Size: 280KB - Virtual size: 279KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 472KB - Virtual size: 469KB

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 32KB - Virtual size: 49KB

.rsrc
Size: 280KB - Virtual size: 279KB

.UPX0
Size: 108KB - Virtual size: 260KB