c13559ae965c226c57853af2c10aa77189a37d5c1ef45f6943a5a19d2b42a0d7

Sharing

Copy URL Twitter E-mail

General

Target

c13559ae965c226c57853af2c10aa77189a37d5c1ef45f6943a5a19d2b42a0d7
Size

171KB
MD5

92a3202230d4cf192556cccec37056e0
SHA1

5ad462346058eb9619793efe222d6bb31642f2c7
SHA256

c13559ae965c226c57853af2c10aa77189a37d5c1ef45f6943a5a19d2b42a0d7
SHA512

2b215e4bdbe3b5e4e23eb35b271739853df1882bfdac091b0777ed824470b756c6dbaa49b701e95bcf2404ebdd7544f2677f75e94a4d39b84c06f91db89eb6f5
SSDEEP

3072:8sj5uJ1rSaIgckN8SOCXH2+puDwK3MET3CcMLj:8sHcROp4uE4JMv

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

c13559ae965c226c57853af2c10aa77189a37d5c1ef45f6943a5a19d2b42a0d7
.exe windows x86

6be84b25ed346af1ddd1450a9c5267a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RevertToSelf
ImpersonateLoggedOnUser
DuplicateToken
GetTokenInformation
CredpEncodeSecret
CredRestoreCredentials
CredBackupCredentials

kernel32

LocalFree
LocalAlloc
GetFileSizeEx
CreateThread
DuplicateHandle
CreateFileW
SetEvent
GlobalFree
GetCommandLineW
HeapSetInformation
CreateEventW
WriteFile
OpenProcess
DeleteFileW
GetTempFileNameW
WaitForMultipleObjects
SleepEx
GetOverlappedResult
CloseHandle
GetLastError
GetTempPathW
FormatMessageW
HeapFree
GetProcessHeap
HeapAlloc
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
CancelIo
ReadFile
SetLastError

gdi32

GetObjectW
CreateFontIndirectW

user32

EnableWindow
SetFocus
SendMessageW
GetDlgItem
PostMessageW
GetDlgItemTextW
ShowWindow
SetWindowTextW
LoadStringW
CheckRadioButton
SetWindowLongW
GetWindowLongW
GetParent
SendDlgItemMessageW

msvcrt

__set_app_type
__p__fmode
__p__commode
?terminate@@YAXXZ
_amsg_exit
_controlfp
_vsnwprintf
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
swscanf
wcsncmp
memset
__setusermatherr
_except_handler4_common

comctl32

CreatePropertySheetPageW
PropertySheetW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

ntdll

TpWaitForWait
TpAllocWait
NtOpenProcessToken
NtPrivilegeCheck
NtAdjustPrivilegesToken
NtClose
RtlNtStatusToDosError
TpReleaseWait
TpSetWait

crypt32

CryptProtectData
CryptUnprotectData

rpcrt4

RpcAsyncInitializeHandle
RpcStringBindingComposeW
NdrAsyncClientCall
I_RpcExceptionFilter
RpcAsyncCompleteCall
RpcAsyncCancelCall
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcBindingFree

shell32

CommandLineToArgvW

netutils

NetApiBufferFree

samcli

NetValidatePasswordPolicy

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6be84b25ed346af1ddd1450a9c5267a1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

comdlg32

ntdll

crypt32

rpcrt4

shell32

netutils

samcli

Sections

.text Size: 18KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB

UPX0
Size: 144KB - Virtual size: 380KB