Behavioral task: behavioral1
Sample: 5edc7aec32e2d1b24a59f4b6358b787dc1a3c35524465d5ae5f0a6d8fe0ed526.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 5edc7aec32e2d1b24a59f4b6358b787dc1a3c35524465d5ae5f0a6d8fe0ed526.exe
Resource: win10v2004-20220901-en
General
Target: 5edc7aec32e2d1b24a59f4b6358b787dc1a3c35524465d5ae5f0a6d8fe0ed526
Size: 436KB
MD5: 93c036f4c43031d168310ad701b1e430
SHA1: fb9904030b405f4734e78268654995604b721a70
SHA256: 5edc7aec32e2d1b24a59f4b6358b787dc1a3c35524465d5ae5f0a6d8fe0ed526
SHA512: 341b8f2ba0701be5bd97415477bd301e0c74b14c1889467484f921efa0483a1547afeade594ca616b5a204082856a171cfa85ea9415908f2d07561aae5df7375
SSDEEP: 6144:UBPFJVOVNHh85jjx7vwVnHmJtq8Ef5qEdq4xtrSlX/teFxAsqBh0rcKdAM2yFH7j:URFc65/CsbqFI0YP2AM2yNbSzs
Malware Config
Signatures
resource: sample, yara_rule: upx
Files
-
5edc7aec32e2d1b24a59f4b6358b787dc1a3c35524465d5ae5f0a6d8fe0ed526.exe windows x86
670d9de22921ea5cfca288585856fd69
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI
Imports
mfc42u
DllCanUnloadNow
DllGetClassObject
?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B
DllRegisterServer
DllUnregisterServer
?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B
ole32
CoFileTimeToDosDateTime
SNB_UserMarshal
HACCEL_UserMarshal
StgConvertPropertyToVariant
OleUninitialize
CLIPFORMAT_UserMarshal
IsValidIid
StgGetIFillLockBytesOnFile
CoRegisterPSClsid
CoUnmarshalHresult
CoGetInstanceFromFile
GetErrorInfo
OleCreateEmbeddingHelper
IsValidInterface
CoDisconnectObject
CoQueryProxyBlanket
HPALETTE_UserSize
OleCreateFromData
CoCreateInstance
HBRUSH_UserSize
OleCreateDefaultHandler
CoMarshalInterThreadInterfaceInStream
OleGetIconOfClass
StgOpenStorageOnILockBytes
CoGetContextToken
CoDosDateTimeToFileTime
CoGetClassObject
HBRUSH_UserUnmarshal
HICON_UserFree
PropVariantCopy
StgOpenStorageEx
CoFreeAllLibraries
CoUnmarshalInterface
CoGetCancelObject
OleRun
OleCreateLinkFromData
CoMarshalHresult
StringFromGUID2
HENHMETAFILE_UserFree
OleInitializeWOW
HGLOBAL_UserMarshal
HGLOBAL_UserSize
WriteClassStm
ProgIDFromCLSID
CoSetState
HACCEL_UserSize
CoAddRefServerProcess
CoDeactivateObject
STGMEDIUM_UserMarshal
WdtpInterfacePointer_UserMarshal
CoRevokeClassObject
HENHMETAFILE_UserUnmarshal
EnableHookObject
StgIsStorageFile
HMETAFILEPICT_UserFree
OleLockRunning
StgCreateDocfileOnILockBytes
IsAccelerator
OleConvertIStorageToOLESTREAM
SNB_UserUnmarshal
StgConvertVariantToProperty
HMENU_UserFree
CLIPFORMAT_UserSize
MonikerRelativePathTo
CoInitializeSecurity
IIDFromString
BindMoniker
CoRegisterSurrogateEx
HMETAFILE_UserFree
CoIsHandlerConnected
CoRegisterClassObject
HMETAFILEPICT_UserSize
CoGetMarshalSizeMax
CoAllowSetForegroundWindow
OleSave
DllRegisterServer
WdtpInterfacePointer_UserSize
OleCreateStaticFromData
StgOpenPropStg
HMENU_UserSize
HDC_UserFree
HGLOBAL_UserUnmarshal
CoGetPSClsid
StgIsStorageILockBytes
OleCreate
OleSetAutoConvert
ReadFmtUserTypeStg
WriteFmtUserTypeStg
ReadClassStm
CoRegisterMallocSpy
RegisterDragDrop
StringFromCLSID
GetConvertStg
CoGetMalloc
CreatePointerMoniker
OleIsCurrentClipboard
CoUninitialize
OleGetClipboard
ReadStringStream
SetConvertStg
WdtpInterfacePointer_UserUnmarshal
OleSaveToStream
OleDraw
CreateDataAdviseHolder
GetRunningObjectTable
OleDuplicateData
CoQueryAuthenticationServices
oledlg
OleUIAddVerbMenuW
OleUIObjectPropertiesW
OleUIInsertObjectA
OleUIChangeSourceW
OleUIPasteSpecialA
OleUIConvertW
OleUIPromptUserW
OleUIUpdateLinksA
OleUIPasteSpecialW
OleUICanConvertOrActivateAs
OleUIUpdateLinksW
OleUIBusyA
OleUIInsertObjectW
OleUIChangeIconW
OleUIBusyW
OleUIPromptUserA
OleUIObjectPropertiesA
OleUIAddVerbMenuA
OleUIChangeSourceA
OleUIEditLinksA
OleUIChangeIconA
OleUIConvertA
OleUIEditLinksW
kbdblr
KbdLayerDescriptor
kernel32
ResetEvent
GetCurrentProcess
FatalAppExitA
SetThreadPriorityBoost
GetTickCount
SetEvent
GetAtomNameW
SignalObjectAndWait
HeapQueryInformation
GetBinaryTypeA
lstrlenA
GetFileAttributesA
SetCommBreak
QueueUserAPC
BuildCommDCBAndTimeoutsW
FindVolumeClose
GetSystemTime
VerSetConditionMask
GetVersionExA
ReplaceFile
SetProcessShutdownParameters
ReadConsoleOutputCharacterW
VirtualAlloc
GetProcessHeap
SetCriticalSectionSpinCount
IsDBCSLeadByteEx
CreateEventA
IsValidLanguageGroup
GetStartupInfoA
SetLocaleInfoW
RaiseException
QueryPerformanceFrequency
SetTermsrvAppInstallMode
GetVersionExW
GetNumberFormatA
UnhandledExceptionFilter
GetDevicePowerState
GetModuleHandleW
GetLocaleInfoA
GetSystemDefaultLangID
WriteFile
GlobalHandle
DebugActiveProcess
QueryPerformanceCounter
CloseHandle
GetStartupInfoW
SetConsoleMode
lstrcmpA
HeapAlloc
DosPathToSessionPathA
CloseProfileUserMapping
ConsoleMenuControl
gdi32
GetPixel
GdiEntry15
PolyBezier
SetDeviceGammaRamp
GetEUDCTimeStampExW
SetColorAdjustment
GetViewportExtEx
STROBJ_dwGetCodePage
EnumICMProfilesW
EnumFontFamiliesA
FontIsLinked
SetWindowOrgEx
ArcTo
PlayMetaFile
ExtCreatePen
DeviceCapabilitiesExW
ScaleViewportExtEx
STROBJ_bEnum
SetBkMode
GdiEndDocEMF
SetSystemPaletteUse
EnumICMProfilesA
GdiFlush
GetRgnBox
GetDCOrgEx
FillPath
GetTextExtentExPointWPri
GetEnhMetaFileBits
GdiGetLocalFont
DeleteDC
EngTransparentBlt
AddFontMemResourceEx
EngMultiByteToUnicodeN
CreatePolyPolygonRgn
SetMagicColors
CreatePatternBrush
AbortDoc
GetAspectRatioFilterEx
GetFontAssocStatus
DescribePixelFormat
FONTOBJ_pvTrueTypeFontFile
SetTextColor
StartDocA
GdiGetSpoolFileHandle
DeleteObject
GdiGetPageHandle
UnrealizeObject
EngAlphaBlend
SetDIBColorTable
Pie
CreateSolidBrush
SetWinMetaFileBits
PATHOBJ_bEnum
GetPolyFillMode
XLATEOBJ_iXlate
EudcLoadLinkW
Ellipse
GdiCreateLocalMetaFilePict
GdiAlphaBlend
SetBitmapBits
EnumObjects
GetTextExtentPointA
EngGradientFill
EngGetPrinterDataFileName
GetBkColor
SelectObject
GetCharABCWidthsFloatA
EnumMetaFile
CreatePalette
SetMapMode
OffsetViewportOrgEx
CopyMetaFileA
EngStretchBlt
SetICMProfileW
GetEnhMetaFileDescriptionA
CreateDIBPatternBrushPt
FrameRgn
EngCreateDeviceBitmap
GdiReleaseDC
GdiConvertBitmap
SetROP2
CreateEllipticRgn
CreateRectRgnIndirect
GdiTransparentBlt
AddFontResourceExA
FONTOBJ_vGetInfo
EngAcquireSemaphore
EngPlgBlt
GetFontLanguageInfo
GdiEntry14
IntersectClipRect
CreateBitmap
PATHOBJ_vEnumStart
EngLockSurface
EngCheckAbort
BRUSHOBJ_hGetColorTransform
GetKerningPairsW
SetPaletteEntries
EngFreeModule
DeleteEnhMetaFile
Polygon
SetWindowExtEx
BRUSHOBJ_pvAllocRbrush
GdiDllInitialize
CreateFontW
EngCreateClip
GetStockObject
EudcUnloadLinkW
GetGlyphOutlineWow
SetRectRgn
EngMultiByteToWideChar
GdiGetLocalDC
SetWorldTransform
Chord
bMakePathNameW
EngPaint
CreateFontIndirectA
GdiEntry3
RectVisible
TextOutW
ExtFloodFill
CreateDIBSection
FONTOBJ_pQueryGlyphAttrs
GdiEntry7
GdiSetAttrs
d3d8thk
OsThunkDdBeginMoCompFrame
OsThunkDdCreateD3DBuffer
OsThunkDdSetOverlayPosition
OsThunkDdLockD3D
OsThunkDdCreateSurface
OsThunkDdGetDC
OsThunkDdUpdateOverlay
OsThunkDdSetExclusiveMode
OsThunkDdGetScanLine
OsThunkDdColorControl
OsThunkDdFlipToGDISurface
OsThunkDdGetMoCompGuids
OsThunkDdUnattachSurface
OsThunkD3dContextDestroyAll
OsThunkDdFlip
OsThunkDdDeleteDirectDrawObject
OsThunkDdEndMoCompFrame
OsThunkDdReenableDirectDrawObject
OsThunkDdAlphaBlt
OsThunkDdGetMoCompFormats
OsThunkDdUnlock
OsThunkDdSetColorKey
OsThunkDdDestroyMoComp
OsThunkDdQueryDirectDrawObject
OsThunkD3dContextCreate
OsThunkDdCreateDirectDrawObject
OsThunkDdSetGammaRamp
OsThunkDdCreateSurfaceEx
OsThunkDdCreateMoComp
OsThunkDdRenderMoComp
OsThunkDdGetBltStatus
OsThunkD3dDrawPrimitives2
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetDriverState
OsThunkDdDestroyD3DBuffer
OsThunkDdCreateSurfaceObject
OsThunkD3dContextDestroy
OsThunkDdBlt
OsThunkDdAttachSurface
OsThunkDdGetMoCompBuffInfo
OsThunkDdLock
OsThunkDdQueryMoCompStatus
OsThunkDdCanCreateD3DBuffer
OsThunkDdUnlockD3D
OsThunkDdGetDxHandle
OsThunkDdCanCreateSurface
OsThunkDdDestroySurface
OsThunkDdDeleteSurfaceObject
OsThunkDdGetAvailDriverMemory
OsThunkDdReleaseDC
OsThunkD3dValidateTextureStageState
OsThunkDdResetVisrgn
OsThunkDdGetDriverInfo
OsThunkDdGetFlipStatus
OsThunkDdWaitForVerticalBlank
OsThunkDdAddAttachedSurface
comctl32
InitCommonControls
ImageList_EndDrag
ImageList_DrawIndirect
CreatePropertySheetPageW
DrawStatusTextA
ImageList_Create
ImageList_GetIcon
GetMUILanguage
InitializeFlatSB
CreateStatusWindowA
ImageList_LoadImageA
ImageList_Duplicate
CreateStatusWindow
LBItemFromPt
ImageList_Replace
FlatSB_SetScrollProp
ImageList_Destroy
ImageList_AddIcon
ImageList_BeginDrag
FlatSB_GetScrollPos
PropertySheetA
CreateUpDownControl
ImageList_DragLeave
FlatSB_SetScrollRange
MenuHelp
DrawInsert
ImageList_Merge
DllGetVersion
CreateStatusWindowW
CreateToolbar
FlatSB_GetScrollInfo
GetEffectiveClientRect
ImageList_SetIconSize
ImageList_Add
FlatSB_GetScrollProp
MakeDragList
UninitializeFlatSB
DrawStatusText
ImageList_DragShowNolock
ImageList_SetBkColor
ImageList_SetOverlayImage
FlatSB_SetScrollInfo
ImageList_Remove
ImageList_GetImageInfo
FlatSB_EnableScrollBar
user32
GetSystemMetrics
GetForegroundWindow
wsprintfA
LoadMenuA
GetWindowRect
GetSysColor
LoadBitmapA
GetClientRect
LoadIconA
LoadAcceleratorsA
LoadCursorA
wsprintfW
FindWindowW
GetWindowTextA
LoadBitmapW
LoadMenuW
FindWindowA
powrprof
LoadCurrentPwrScheme
DeletePwrScheme
SetSuspendState
SetActivePwrScheme
GetPwrCapabilities
GetActivePwrScheme
IsPwrShutdownAllowed
EnumPwrSchemes
CanUserWritePwrScheme
IsAdminOverrideActive
WritePwrScheme
IsPwrHibernateAllowed
ReadGlobalPwrPolicy
MergeLegacyPwrScheme
WriteGlobalPwrPolicy
ReadPwrScheme
GetCurrentPowerPolicies
IsPwrSuspendAllowed
ValidatePowerPolicies
CallNtPowerInformation
GetPwrDiskSpindownRange
Sections
.UPX1  Size: -  Virtual size: 4KB  Flags: IMAGE_SCN_MEM_READ
.UPX0  Size: 512B  Virtual size: 4B  Flags: IMAGE_SCN_MEM_READ
.text  Size: 17KB  Virtual size: 17KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data  Size: 416KB  Virtual size: 415KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 1024B  Virtual size: 868B  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ