57f62c2bccecd829acb410383d5f560feed10c696ea750899527788d1470b2d7

Sharing

Copy URL

Twitter E-mail

General

Target

57f62c2bccecd829acb410383d5f560feed10c696ea750899527788d1470b2d7
Size

712KB
MD5

82df055b503c91ddec6436dc9895a425
SHA1

02960207e992f48938182131923f6ea6bf2c4c62
SHA256

57f62c2bccecd829acb410383d5f560feed10c696ea750899527788d1470b2d7
SHA512

c7c9c038650d48ec3560b2354b0cfb841fa8addffedd086f72a21f09c19943f5469a4a71293d966e31dd49e11ff36565a0db6125bfc5b2d553938a18a483aaea
SSDEEP

12288:aDQNFEyqo3PlzYKXpdqUVTaRGisvrkExuIlpjBrHrr0h0f:aDQNqo3PlzNoUVTacbvrkKZ5Hd

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

57f62c2bccecd829acb410383d5f560feed10c696ea750899527788d1470b2d7
.exe windows x86

dc0ff02c162a0587740fee88a18c8433

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileSize
GetFileTime
WriteFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryExA
WaitForSingleObject
CreateProcessA
SystemTimeToFileTime
GetSystemTime
GetWindowsDirectoryA
GetTickCount
SetEvent
OpenEventA
GetPrivateProfileStringA
GetCurrentProcess
GetVersionExA
GetShortPathNameA
GetSystemDirectoryA
WinExec
ReadFile
SetFileTime
SetFileAttributesA
LoadLibraryA
FindNextFileA
IsBadWritePtr
IsBadReadPtr
GetPrivateProfileSectionNamesA
WritePrivateProfileSectionA
WritePrivateProfileStringA
RemoveDirectoryA
GlobalFree
GlobalUnlock
lstrcmpA
FindFirstFileA
GetModuleHandleA
GetVersion
CreateThread
lstrcpynA
Sleep
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcatA
GetCurrentProcessId
CreateFileW
GetLocaleInfoA
LockResource
LoadResource
FindResourceA
FindClose
CreateEventA
QueryPerformanceFrequency
CreateFileA
CloseHandle
GetDiskFreeSpaceA
EnterCriticalSection
LeaveCriticalSection
lstrlenW
InterlockedDecrement
LocalFree
InterlockedIncrement
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetLastError
SetLastError
MoveFileA
DeleteFileA
CopyFileA
GlobalAlloc
GlobalLock
lstrcpyA
GetFileAttributesA
CreateDirectoryA
GetPrivateProfileSectionA
MoveFileExA
GetModuleFileNameA
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
LCMapStringW
MapViewOfFile
UnmapViewOfFile
SearchPathA
VirtualProtect
VirtualQuery
InterlockedExchange
ResetEvent
QueryPerformanceCounter
GetCurrentThread
RtlUnwind
RaiseException
TlsSetValue
ExitThread
HeapAlloc
HeapFree
GetStartupInfoA
ExitProcess
TlsAlloc
TlsGetValue
FlushFileBuffers
SetStdHandle
GetOEMCP
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
GetFileType
GetCPInfo
LCMapStringA
TerminateProcess
HeapReAlloc
HeapSize
UnhandledExceptionFilter
GetEnvironmentVariableA
HeapCreate
VirtualFree
VirtualAlloc
FreeEnvironmentStringsA
FreeEnvironmentStringsW
CreateFileMappingA
SetUnhandledExceptionFilter
GetACP
GetEnvironmentStrings

user32

CreateDialogIndirectParamA
CharLowerBuffA
wsprintfA
GetDesktopWindow
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
CharUpperA
ExitWindowsEx
DestroyWindow
LoadStringA
CharNextA
WaitForInputIdle
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
GetDlgItem
SendMessageA
SetDlgItemTextA
IsDialogMessageA

gdi32

GetObjectA
CreateFontIndirectA
DeleteObject
TranslateCharsetInfo

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegConnectRegistryA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegQueryInfoKeyA
RegDeleteValueA
OpenThreadToken
RegEnumKeyExA
RegEnumValueA
AllocateAndInitializeSid
RegQueryValueA
FreeSid
EqualSid
GetTokenInformation

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

OleLoadFromStream
CoUnmarshalInterface
CoMarshalInterface
CoReleaseMarshalData
CreateFileMoniker
CLSIDFromString
CoCreateGuid
CoRegisterClassObject
StringFromCLSID
CreateItemMoniker
GetRunningObjectTable
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
ProgIDFromCLSID
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoInitialize
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoUninitialize
StgOpenStorage
StgCreateDocfile
CoRevokeClassObject

oleaut32

RegisterTypeLi
SysStringByteLen
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SetErrorInfo
CreateErrorInfo
SafeArrayDestroy
SafeArrayPutElement
VariantCopy
VariantChangeType
VariantInit
LoadRegTypeLi
SysAllocStringLen
SysStringLen
SysReAllocStringLen
SysFreeString
SysAllocStringByteLen
SafeArrayGetDim
LoadTypeLi
SafeArrayCopy
SysAllocString
VariantClear
VariantCopyInd

msi

ord87
ord189
ord18
ord144
ord46
ord136
ord67
ord141
ord168
ord7
ord93
ord91
ord95
ord120
ord17
ord124
ord49
ord75
ord79
ord116
ord73
ord112
ord31
ord159
ord8
ord160
ord117
ord146
ord103
ord33

rpcrt4

RpcRaiseException
NdrConformantStringUnmarshall
RpcServerUseProtseqEpA
RpcServerUnregisterIf
RpcMgmtStopServerListening
NdrPointerBufferSize
NdrPointerMarshall
NdrPointerFree
NdrServerInitializeNew
NdrConvert
I_RpcGetBuffer
RpcServerRegisterIf
RpcServerListen

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dc0ff02c162a0587740fee88a18c8433

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msi

rpcrt4

comctl32

version

Sections

.text Size: 412KB - Virtual size: 408KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 36KB - Virtual size: 121KB

.rsrc Size: 76KB - Virtual size: 72KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 412KB - Virtual size: 408KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 36KB - Virtual size: 121KB

.rsrc
Size: 76KB - Virtual size: 72KB

.UPX0
Size: 108KB - Virtual size: 260KB