38990c523f9c0bbad5e334459d95ad9cd63eaba979305aa78fc61208563507bc

Sharing

Copy URL Twitter E-mail

General

Target

38990c523f9c0bbad5e334459d95ad9cd63eaba979305aa78fc61208563507bc
Size

539KB
MD5

93a26ad4e9c343ad0012437f026ae95a
SHA1

7a747286315d29430aebff596c010f7b02c9e593
SHA256

38990c523f9c0bbad5e334459d95ad9cd63eaba979305aa78fc61208563507bc
SHA512

a489e919a041665a807095988f147db3624d3a59a5320b1ef718f6d6984e6289c8850f45fb61716dae55c0ce8eb05f51427ca83217b1ab5b748dc1c4b5cd550d
SSDEEP

12288:G1ntbenR/SajR0to3oHc5h8TVnzE4UZmHqv92UEK:ktanR6aRWo3o99Gl2UEK

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

38990c523f9c0bbad5e334459d95ad9cd63eaba979305aa78fc61208563507bc
.exe windows x86

691ded370f435054cc378616b00e53b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
OpenProcessToken
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeAcl
InitializeSecurityDescriptor
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadKeyW
RegUnLoadKeyW
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
OpenThreadToken
LookupAccountNameW
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegEnumValueW
ImpersonateLoggedOnUser
GetSecurityDescriptorLength
GetSidSubAuthority
RevertToSelf
InitializeSid
GetSidLengthRequired
AddAccessDeniedAce
LookupAccountSidW
CreateWellKnownSid
ConvertSidToStringSidW
SetTokenInformation
IsValidAcl
DeregisterEventSource
RegisterEventSourceW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorA
CheckTokenMembership
CopySid

kernel32

FormatMessageW
UnmapViewOfFile
ReleaseMutex
OpenMutexW
LCMapStringW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
LocalFree
CreateFileW
lstrcmpW
CompareFileTime
RemoveDirectoryW
FindFirstFileW
FindNextFileW
GetDriveTypeW
FindClose
DuplicateHandle
GetCurrentThread
GetSystemDefaultLCID
VerSetConditionMask
VerifyVersionInfoW
UnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
GetStartupInfoA
InterlockedCompareExchange
GetStringTypeExW
GetEnvironmentVariableW
lstrlenA
InterlockedExchange
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetVersionExA
OutputDebugStringW
LoadLibraryW
CreateFileMappingW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
ExpandEnvironmentStringsW
GetFileAttributesW
DeleteFileW
HeapSetInformation
GetCurrentProcessId
SetPriorityClass
SetEnvironmentVariableW
CreateMutexW
CreateFileA
GetLocalTime
FlushViewOfFile
DeleteFileA
CopyFileA
GetSystemTimeAsFileTime
MapViewOfFile
Sleep
MultiByteToWideChar
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetVersionExW
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentProcess
GetModuleFileNameW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
GetSystemDirectoryW
GetUserDefaultLCID
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleExW
GetProcAddress
GetLastError
WideCharToMultiByte
CompareStringW
FreeLibrary
CreateEventW
CreateThread
WaitForMultipleObjects
GetVolumeInformationW
SetEvent
WaitForSingleObject
CloseHandle
lstrlenW
GetCommandLineW

user32

UnregisterClassA
LoadStringW
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
CharNextW
GetKeyboardLayout

msvcrt

_lseeki64
_fileno
wcspbrk
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
isdigit
_controlfp
memmove
realloc
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_write
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_wcslwr
_errno
__CxxFrameHandler
wcsstr
malloc
memcpy
wcsrchr
memset
_wcsnicmp
wcsncmp
_vsnwprintf
calloc
free
_vscwprintf
_wcsicmp
_CxxThrowException
qsort
bsearch
_isatty
strncmp
_vsnprintf
_initterm
fprintf
wcschr
iswspace
_wtol
swscanf

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoImpersonateClient
CoRevertToSelf
CoInitializeSecurity
CoTaskMemFree

oleaut32

SysFreeString
SysStringLen
VarBstrCat
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

tquery

?ciNewNoThrow@@YGPAXI@Z
?ciNew@@YGPAXI@Z
?ciDelete@@YGXPAX@Z

shell32

ord165
SHGetFolderPathW
SHFileOperationW

userenv

GetUserProfileDirectoryW
GetProfilesDirectoryW
GetAllUsersProfileDirectoryW
GetDefaultUserProfileDirectoryW

mpr

WNetGetConnectionW

mssrch

??1CSearchServiceObj@@QAE@XZ
??0CSearchServiceObj@@QAE@XZ

netapi32

NetShareEnum
NetApiBufferFree

shlwapi

SHGetValueW
PathIsUNCServerShareW
PathSkipRootW
PathIsUNCW
PathStripToRootW
SHCopyKeyW
ord219
SHEnumKeyExW
SHEnumValueW
SHStrDupW
SHRegGetValueW
PathFileExistsW
ord154
SHDeleteKeyW
PathAppendW
SHDeleteValueW
PathIsUNCServerW
SHSetValueW
PathAddBackslashW
PathRemoveBackslashW

Sections

.text
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

691ded370f435054cc378616b00e53b5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

wtsapi32

tquery

shell32

userenv

mpr

mssrch

netapi32

shlwapi

Sections

.text Size: 303KB - Virtual size: 302KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 93KB - Virtual size: 93KB

.reloc Size: 18KB - Virtual size: 17KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 303KB - Virtual size: 302KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 93KB - Virtual size: 93KB

.reloc
Size: 18KB - Virtual size: 17KB

.UPX0
Size: 108KB - Virtual size: 260KB