fe046c42019ae281a6d65360bcc571ddb70e38206a071d9b9f519e8a46c20dc7

Sharing

Copy URL Twitter E-mail

General

Target

fe046c42019ae281a6d65360bcc571ddb70e38206a071d9b9f519e8a46c20dc7
Size

122KB
MD5

939ff8f48d9e76746914c304e0f878c0
SHA1

509f9e5a65029d4b23b1ac81c02898d7763a6bfa
SHA256

fe046c42019ae281a6d65360bcc571ddb70e38206a071d9b9f519e8a46c20dc7
SHA512

067edc23fff6fd0ea7b3d05bc7ad7d8033fc7da4054eb32b39f0ed01aa31390b897d5b634b9772891b64046031503c3dc147b9965ee61643f47d73111a4fd6cc
SSDEEP

1536:+HHnBDpfvqE8eorRwjJoMKEw2XRnToIf9IO8srYF:+hFfS7BuK9mTBf386U

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

fe046c42019ae281a6d65360bcc571ddb70e38206a071d9b9f519e8a46c20dc7
.exe windows x86

5397bbf78ec59b4bd85a2f6d90c36273

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrlenA
lstrcmpiA
WriteProcessMemory
WriteFile
WinExec
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
VirtualAlloc
TerminateThread
TerminateProcess
Sleep
SizeofResource
SetThreadPriority
SetThreadContext
SetPriorityClass
SetNamedPipeHandleState
SetFilePointer
SetFileAttributesA
ResumeThread
ReadProcessMemory
ReadFile
OpenProcess
MoveFileA
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetTickCount
GetThreadPriority
GetThreadContext
GetSystemDirectoryA
GetStartupInfoA
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetLogicalDriveStringsA
GetLocalTime
GetFileSize
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentVariableA
GetDriveTypeA
GetCurrentThread
GetCurrentProcess
GetComputerNameA
FindResourceA
FindNextFileA
FindFirstFileA
ExitThread
ExitProcess
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateProcessA
CreatePipe
CreateFileA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
GetCurrentThreadId
ExitProcess
CreateThread
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetCommandLineA
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

advapi32

RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
StartServiceA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
EnumServicesStatusA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle

avicap32

capCreateCaptureWindowA

gdi32

SelectObject
GetObjectA
GetDeviceCaps
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

shell32

ShellExecuteA
SHFileOperationA

user32

UnhookWindowsHookEx
TranslateMessage
ToAscii
ShowWindow
SetWindowsHookExA
SetWindowTextA
SetClipboardData
SendMessageA
ReleaseDC
OpenClipboard
MessageBoxA
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetMessageA
GetKeyboardState
GetKeyNameTextA
GetForegroundWindow
GetDesktopWindow
GetDC
GetClipboardData
GetClassNameA
FindWindowA
ExitWindowsEx
EnumWindows
EnableWindow
EmptyClipboard
DispatchMessageA
CloseClipboard
CallNextHookEx
CharNextA

ws2_32

inet_addr
ioctlsocket

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
send
select
recv
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockname
connect
closesocket
bind
accept

Sections

UPX0
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5397bbf78ec59b4bd85a2f6d90c36273

Headers

File Characteristics

Imports

kernel32

advapi32

avicap32

gdi32

shell32

user32

ws2_32

wsock32

Sections

UPX0 Size: 116KB - Virtual size: 116KB

.rsrc Size: 1024B - Virtual size: 4KB

.avp Size: 4KB - Virtual size: 4KB

UPX0
Size: 116KB - Virtual size: 116KB

.rsrc
Size: 1024B - Virtual size: 4KB

.avp
Size: 4KB - Virtual size: 4KB