986051d3bfd9ff9573c01f7cdf78ffc72c80968a224510648642e9e0ded2b2c4

Sharing

Copy URL

Twitter E-mail

General

Target

986051d3bfd9ff9573c01f7cdf78ffc72c80968a224510648642e9e0ded2b2c4
Size

993KB
MD5

57d10c7b0cad6231fd230f77f5b72200
SHA1

78e383467120669e71f9118237fe3ff70e3f3b89
SHA256

986051d3bfd9ff9573c01f7cdf78ffc72c80968a224510648642e9e0ded2b2c4
SHA512

a4192ebce940b559ce9ba13303aa1277025006942f3db8b4915339794a502d3c632bc82644678efad501051db057c7f370583cbe6af710fc2de7b28a92f4e61a
SSDEEP

24576:rS/BNuOQ4KLqzU2PUQBkjglvb3G7EBzIysKbwXPY:rSJNuTqxkjq9uHKbb

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

986051d3bfd9ff9573c01f7cdf78ffc72c80968a224510648642e9e0ded2b2c4
.dll windows x86

05452605ede4537c3b7db8cbe74c1edd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
Sleep
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
CreateThread
GetComputerNameA
GetTickCount64
CreateFileW
GetProcessHeap
SetEndOfFile
ReadFile
GetStringTypeW
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleW
CreateFileA
HeapReAlloc
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
SetHandleCount
LoadLibraryW
GetLastError
HeapFree
HeapAlloc
EncodePointer
DecodePointer
GetProcAddress
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
CloseHandle
DeleteCriticalSection
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ws2_32

recv
send
ioctlsocket
gethostname
inet_ntoa
WSAStartup
inet_addr
htonl
WSAGetLastError
htons
ntohs
sendto
WSACleanup
bind
socket
closesocket
gethostbyname
connect
recvfrom

wininet

InternetReadFile
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetCloseHandle

user32

MessageBoxW
CharUpperBuffW

Exports

Exports

�[��3QhA�� b��hJec�pB��$�[�}U ��&�S��C��\|��#�<8�Ȟ��u7E�$ѽ�e�N�PY��ff+��l��<#��s]{��r��v��w~ŁHfвZJ��e��=Ы�EP��3SIR�A�]�NHY>܎�l�5�M�ɻ��O�xS9U�vA0C쌨��^�G�̜0�Try4V�f��'��.�j+Z�� +��2�6]D��.:�b��%��vw2��g'芅��_e�'<𣬚C��`��^��vG2��(] ��d d�w�Rw:�8�l.�%V��lr��k��}[�sߝ�6>��ſ��sZ�1q��8bD�sM��=%��x��23��폕T��;��9�N��*Tt��:��o$^uVTh�|`�D��!�`%��.F�A�/�w��wܴE��B��Ag��2��Ǩ�7�#$\ʪl��>,@�"�B�QS��i,�Q,�Е�@�c��2��J�N� f�ܨ��З��L5�;�}6�)��+��s��pZd,�Mk��O��^8᯿C��yDY7�9d9�Ul�Q��V��g��_��+�zD�3|_ ��={�/�?�ג��{�2.Fw��1�7��}��4��/��9��G��r��6Qz��ދ��> ��1=� �C��V`�f��a/�~�4�j�󙘃�6pe�S�q4G�� p�N3@�ν��7��#��,h 4C~�,�u�o�e�I��0��8Bj��z�]Wd%��W�Q��d$�M��S��֭j��U�9��h6� ��~E�9�7� ��Ȳ��2� �?K�z �a��v�jt��«��whn')��(��c��v�Gl"�\��8d�qt��$L�I�1�u ��e��0\�R��i��ѵ�ߴ>�ڎ ��Q��~L�4�;33aK�q��)�a�?-ْ��׋b��(t��z�j��q� :�,�'j�FE�6a d�cR�#�Uз��P��D]��b%��JJAM��>$4s��^�>ΪMK��1��)}IZ��T�� @[>XݠKC�.�_�L�K�^B?�d�o��\=N�@�Z�W��a{�$U��ӛ]�ߕOH�g;�ga��U�+�3^��fGv��2�#�o��հش�5y ��@]c|�n;*4k#G��v0Q b�Z7R��ݭ�V�GT��s*�l��f"Z�F�8?#��d#h�b\�_��)HG�:C�I�M� xY�� b2��{��t �$j��}��f�g2*� X�}��c:�E�?� ��߷�� s)��V<3��bmAm��Jj�ڃ��x��4{l�cצ�ʞ!(�n��QPߖ3S�ɇ'6��agL��3��p�#O|��L�Q��,��%! �z0�]��g%��P>� �<֨'e��>=��B7�^�N��~�f6^�)�VzM1��q9ID�8��LwA4��I:�p�fד��!��~|l6v��=`�-A��U��|��zr��qJ�?��y��Yv��L��D>�<��:�7f�T�E:��Wja��d��缥��}�Gr��1�P�qd+�`!��d(W��>��M��7��1q.j�"��\��+W�Q�c�ʫ��Z}M��z�h_��A��/D�3��nM��a��f#7b�7��oS��u��Rĩk�&�ơ)�w��g:ï��]�Q��`Я��_�AAK{3(��6>Ku��ā�,�)K/��a��=��gE��jVEOc�UcJ۪��xZd�;��3c'��9�8;D�_͏|�2u!��w/�0��dxRև;k�:l�� P~��Y80$�r��q��ko'�䳒��m�/�˵�`�O��΀��y��p��@�'D_��Z�F��4��<�ju]�Z��vǭ�lZ��,h��:��@I�U��ަD�>��D��-M��9_��E�:�硾J{%��0 �n�4��;�SA0xn��B��W��82-��0L�!�C �%N�3J��bp~�M�z2H��nƫ��P��zҵ.��;U�$/d��z,s: �K"�+�� 4nC��O�ò#hC�)2�t�i��Z%�#I8p͕Ü�R~" \gE<Ƀ��RR�IȻ|(Xn��ؼ�(Ș��Gh0#�tS,��F��+K��#3�'��秿@��8� F��8�e��N��hƐ+�b�_��K�{��0�B�V��&��=Y�c<3J��о�́'K��0܀%)�l��l�`��>�W\��NJ"��K^|47��~�f��&��NM�_v� u&7ڞ�v��<��Z>;uS<�� czB!og��վi�9�E��:_��bx�~�mUSŕoɢxR �&0��g��VoV$��-��c!q��6�O$�y�]��"A]�Mao��U��@G�� {�uu��+V��:��q��r��F^_)�@��Ȝݸ� ��o��t$��x"~��ߋ�/��|[I}�#ڤ,w�V.��QM�Q6�Ͽ�y�r� �c.XYo�n��i݉��o��E�^AC�:�z�q�N�7:�Ӭ]��\��!��G��|5n�_��1�u�2��GJ>V:��8��]K��Şaԕ�\� �$W�/z�g;��V*�j1z�w�Fϧ2�1+��~�:Cx�Q��j�`G�sBoe��ل��^�E��7"�e��q��Y!wLZ��x�\� ;�KVBS�L�6��;^Pid��ٻ�Ք��m[�KR��(6�?h�M��-��9ޓn�e��!j��v��`A��x��Ώ�;Oy�1sUr��(�x�Y��0��9��JL|@��܎��U�o�$.(�,�m��wq�Q�b��Ku��dd9ٲQ��(�� w_Κ5��?4��wq/��>��zvFNC.P̥V��`:D��|��ǲ|�u��Dow*�

Sections

.text
Size: - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 933KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 991KB - Virtual size: 990KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05452605ede4537c3b7db8cbe74c1edd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

wininet

user32

Exports

Exports

Sections

.text Size: - Virtual size: 62KB

.rdata Size: - Virtual size: 14KB

.data Size: - Virtual size: 27KB

.UPX0 Size: - Virtual size: 933KB

.tls Size: 512B - Virtual size: 24B

.UPX1 Size: 991KB - Virtual size: 990KB

.reloc Size: 512B - Virtual size: 312B

.text
Size: - Virtual size: 62KB

.rdata
Size: - Virtual size: 14KB

.data
Size: - Virtual size: 27KB

.UPX0
Size: - Virtual size: 933KB

.tls
Size: 512B - Virtual size: 24B

.UPX1
Size: 991KB - Virtual size: 990KB

.reloc
Size: 512B - Virtual size: 312B