882610a6a11c862c3ec2affc0649863bdcbc73b39036e0d64f82a01fa9f8a887

Sharing

Copy URL Twitter E-mail

General

Target

882610a6a11c862c3ec2affc0649863bdcbc73b39036e0d64f82a01fa9f8a887
Size

116KB
MD5

90ce7bba8a3347cf76ba65a0b95c8310
SHA1

e1c0fe0012bdd0ad15f9ef0c6e737a9f1a537fd9
SHA256

882610a6a11c862c3ec2affc0649863bdcbc73b39036e0d64f82a01fa9f8a887
SHA512

d4f3f17006c90bd2afd622188291dc2dfe133d3a241257612b58b4ae6e631c38e1fee14c507951d41e1e89fbf4ed2aad9b21f58b302a247cf116ab3dce569f24
SSDEEP

1536:VhZtFON3QoZBy33ZVVYdlOPxFziS4pN9WmCNWEAZpungOzp+edWTgLrpp:4N/a3lyOPDzinsNWqngwUY

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

882610a6a11c862c3ec2affc0649863bdcbc73b39036e0d64f82a01fa9f8a887
.exe windows x86

6477367cc91ee2bf0ec44b4f7a275b58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

qqmusiccommon

?WriteLog@qqmusic@@YAXKPB_WZZ
?SetChildData@CMarkup@@QAE_NUMCD_CSTR@@H@Z
?GetAttrib@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@UMCD_CSTR@@@Z
?GetChildData@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
??1CMarkup@@QAE@XZ
?GetAppDataFolder@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetModuleFolder@qqmusic@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PAUHINSTANCE__@@@Z
?OutOfElem@CMarkup@@QAE_NXZ
??0CMarkup@@QAE@XZ
?SetDoc@CMarkup@@QAE_NABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?FindElem@CMarkup@@QAE_NUMCD_CSTR@@@Z
?FindChildElem@CMarkup@@QAE_NUMCD_CSTR@@@Z
?IntoElem@CMarkup@@QAE_NXZ
?URLDecode@qqmusic@@YAXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?UTF8URLEncode@qqmusic@@YAXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
?Gbk2W@CQMStrCvt@@SAPA_WPBD@Z

kernel32

GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
GetFileSize
ReadFile
WriteFile
LeaveCriticalSection
GetSystemTimeAsFileTime
SizeofResource
LockResource
EnterCriticalSection
LoadResource
SetLastError
FindResourceExW
CreateFileW
GetFileAttributesExW
MultiByteToWideChar
GetLastError
CloseHandle
DeleteFileW
InitializeCriticalSection
InterlockedIncrement
GetCurrentThreadId
GetModuleHandleW
DeleteCriticalSection
InterlockedDecrement
SetEvent
WaitForSingleObject
lstrlenW
FindResourceW
RaiseException
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetProcAddress

user32

PostThreadMessageW
UnregisterClassA

shell32

ShellExecuteExW
SHCreateDirectoryExW

ole32

CoLoadLibrary
CoInitialize
CoCreateInstance
CoUninitialize

atl80

ord64

shlwapi

PathFileExistsW

msvcp80

??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr80

_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_CxxThrowException
__CxxFrameHandler3
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_initterm
??3@YAXPAX@Z
memcpy_s
??1exception@std@@UAE@XZ
??_V@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
_recalloc
??0exception@std@@QAE@XZ
memmove_s
_invalid_parameter_noinfo
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
calloc
_wcsicmp
free
memset
rand
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6477367cc91ee2bf0ec44b4f7a275b58

Headers

DLL Characteristics

File Characteristics

Imports

qqmusiccommon

kernel32

user32

shell32

ole32

atl80

shlwapi

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

.UPX Size: 60KB - Virtual size: 60KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB

.UPX
Size: 60KB - Virtual size: 60KB