10ac8285bee9764f97413878763b0bd300137d90a8b3b3ff9ff1ecf11d3ada11

Sharing

Copy URL Twitter E-mail

General

Target

10ac8285bee9764f97413878763b0bd300137d90a8b3b3ff9ff1ecf11d3ada11
Size

145KB
MD5

5473391baedd68d4c4895e897120f447
SHA1

26f396186d8a55581193c274eb2f45f6853eb206
SHA256

10ac8285bee9764f97413878763b0bd300137d90a8b3b3ff9ff1ecf11d3ada11
SHA512

ea513693ced271ab155700eb375143ee2b8c17ea5eaae81ca51b69386656aa6ea38a29484e3d145f76f1a53487318d7d8f868dc44889307966ac699bff1abb95
SSDEEP

3072:I962YhpyCKtfJ4DZsdjkrDkwD1qPDU5ORHLJy76/ihse6d6cAk2UgQ+gs:ILUwtuVJk+2DcIL+eimiUgQu

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

10ac8285bee9764f97413878763b0bd300137d90a8b3b3ff9ff1ecf11d3ada11
.exe windows x86

4a5e1c4364abac9613807362c42ce070

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EqualSid
GetLengthSid
IsValidSid
CreateServiceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
DeleteService
OpenServiceW
RegSetValueExW
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyW
OpenSCManagerW

kernel32

ExitProcess
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedExchange
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
DebugBreak
LCMapStringW
EnterCriticalSection
GetLastError
CreateEventW
GetModuleFileNameW
lstrlenW
GetCommandLineW
SetEvent

msvcrt

malloc
wcsstr
_vsnwprintf
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
printf
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_callnewh
free
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
memmove_s
memcpy_s
__CxxFrameHandler3
_purecall
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs

wbemcomn

?InternalQueryInterface@CUnkInternal@@QAEJABU_GUID@@PAPAX@Z
?GetMemLogObject@@YGPAVCMemoryLog@@XZ
?Write@CMemoryLog@@QAEXJ@Z
?InternalRelease@CUnkInternal@@QAEKXZ
??0CNtSid@@QAE@PAX@Z
??0Registry@@QAE@PBGK@Z
??1Registry@@QAE@XZ
??0CCritSec@@QAE@XZ
??1CCritSec@@QAE@XZ
?_ThrowMemoryException_@@YGXXZ
?ErrorTrace@@YAHDPBDZZ
??0CNtSid@@QAE@W4SidType@0@@Z
??0CInCritSec@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
??8CNtSid@@QAEHAAV0@@Z
?GetTextSid@CNtSid@@QAEHPAGPAK@Z
??1CInCritSec@@QAE@XZ
??1CNtSid@@QAE@XZ
??0CNtSid@@QAE@ABV0@@Z
??4CNtSid@@QAEAAV0@ABV0@@Z
?Initialize@CUnk@@UAEHXZ
?OnInitialize@CUnk@@UAEHXZ
?Release@CUnk@@UAGKXZ
?AddRef@CUnk@@UAGKXZ
?QueryInterface@CUnk@@UAGJABU_GUID@@PAPAX@Z
??0CUnk@@QAE@PAVCLifeControl@@PAUIUnknown@@@Z
??1CUnk@@UAE@XZ
?Release@CUnkInternal@@UAGKXZ
?AddRef@CUnkInternal@@UAGKXZ
?QueryInterface@CUnkInternal@@UAGJABU_GUID@@PAPAX@Z
??0CUnkInternal@@QAE@PAVCLifeControl@@@Z
??_7CUnkInternal@@6B@
??1CUnkInternal@@UAE@XZ
?GetDWORDStr@Registry@@QAEHPBGPAK@Z

ole32

CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2
CoImpersonateClient
CoRevertToSelf
CoInitialize
CoInitializeSecurity

user32

TranslateMessage
GetMessageW
PostQuitMessage
SetTimer
DispatchMessageW
PostThreadMessageW

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a5e1c4364abac9613807362c42ce070

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

wbemcomn

ole32

user32

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.UPX0
Size: 108KB - Virtual size: 260KB