747afee9d1bee0fc8c2cff2b4169382c35885c3d9224f17efce37d56c6913cab

Sharing

Copy URL Twitter E-mail

General

Target

747afee9d1bee0fc8c2cff2b4169382c35885c3d9224f17efce37d56c6913cab
Size

204KB
MD5

8225cd80db541aaa4b1804534c28a010
SHA1

b02ddd46aea4ab3fb565502a364ab159d520e779
SHA256

747afee9d1bee0fc8c2cff2b4169382c35885c3d9224f17efce37d56c6913cab
SHA512

6c659c263078318504534c196edbfaa0180c217dba022bdc8d1a49ec695c541dc2b3d0f501c852d672d61e3dfae37fba7f49c454ebafe91faade68f60679c585
SSDEEP

3072:mDxvbumkJf+VU1W3O4m6ZgPx1Itku9ninsNWqngwUY:mDBum0kUZ1hNnsNBR

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

747afee9d1bee0fc8c2cff2b4169382c35885c3d9224f17efce37d56c6913cab
.exe windows x86

1f1cccefb0b5e4206f08f96282088bf1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetFileSizeEx
GetLastError
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
LocalFree
FormatMessageA
GetSystemInfo
GetProcAddress
GetModuleHandleA
InterlockedDecrement
SetEvent
CreateEventA
OutputDebugStringA
ResumeThread
SetThreadPriority
InitializeCriticalSection
DeleteCriticalSection
FlushInstructionCache
lstrlenW
InterlockedIncrement
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
LoadLibraryA
HeapAlloc
HeapFree
InterlockedCompareExchange
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
ReadFile
WriteFile
SetFileAttributesA
CopyFileA
DeleteFileA
CreateProcessA
CreateFileA
GetFileSize
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
Sleep
OpenProcess
TerminateProcess
GetCurrentProcess
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
LCMapStringW
GetVersionExA
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
LCMapStringA
IsValidCodePage
GetProcessHeap
RaiseException
GetOEMCP
GetCPInfo
HeapSize
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
VirtualQuery
VirtualProtect
CreateThread
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetThreadLocale
GetLocaleInfoA
IsProcessorFeaturePresent

user32

CreateDialogParamA
DefWindowProcA
TranslateMessage
DispatchMessageA
ShowWindow
SetWindowLongA
KillTimer
GetWindowLongA
SendMessageA
IsDialogMessageA
SetWindowPos
MapWindowPoints
CharNextA
GetClientRect
SystemParametersInfoA
GetWindowRect
GetWindow
GetParent
GetWindowThreadProcessId
FindWindowA
DestroyWindow
PostQuitMessage
LoadImageA
GetSystemMetrics
PostMessageA
PeekMessageA
UnregisterClassA
SetTimer
GetMessageA

advapi32

CryptHashData
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
AdjustTokenPrivileges
CryptDeriveKey
CryptDestroyHash
CryptEncrypt
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarUI4FromStr
VariantClear

shlwapi

PathFileExistsA

comctl32

InitCommonControlsEx

ws2_32

ioctlsocket
recvfrom
ntohs
htonl
bind
WSACleanup
select
WSAGetLastError
htons
sendto
socket
WSAStartup

winmm

timeGetTime

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1f1cccefb0b5e4206f08f96282088bf1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

ws2_32

winmm

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 6KB

.UPX Size: 60KB - Virtual size: 60KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 6KB

.UPX
Size: 60KB - Virtual size: 60KB