632ab63476648b18609082e76bba1a309b59626518f1469661349b4fae556a02

Sharing

Copy URL Twitter E-mail

General

Target

632ab63476648b18609082e76bba1a309b59626518f1469661349b4fae556a02
Size

208KB
MD5

266cec00f28e25073237574e5b419d06
SHA1

421f66b644049bdc9171f3d214636b2e1bcdb79a
SHA256

632ab63476648b18609082e76bba1a309b59626518f1469661349b4fae556a02
SHA512

b750e434fa1060635fa7218a9e7c47f1a63e71ec0fa387d774defad1cfe3d5eb56f3093d5c4f38fb494fdb7f203255c3fa6a2517d3ebd784eee609e04ecab5ed
SSDEEP

3072:bus8Q2LmsR2lIjRwd+nilL7umg405ZH437t2x/FKXugpSL8L509w/AhxEPavaBfp:bTIjKciVCB43h2x8XugpSoL1AzbVkNH

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

632ab63476648b18609082e76bba1a309b59626518f1469661349b4fae556a02
.exe windows x86

a978b226bd6eb32e3088d97ef8194a70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetSystemDirectoryA
ReadFile
WaitForSingleObject
CreateFileA
GetFileSize
GetStartupInfoA
ReleaseSemaphore
CreateSemaphoreA
OpenProcess
GetCurrentThread
GetCurrentProcess
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleHandleA
GetShortPathNameA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
lstrlenA
GetCommandLineA
lstrcmpiA
OpenMutexA
CloseHandle
CreateMutexA
GetCurrentThreadId
WriteFile

oleaut32

RegisterTypeLi
SysStringLen
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

setupapi

SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsA
SetupDiGetDeviceInstallParamsA
SetupDiSetSelectedDevice
SetupDiSetDeviceRegistryPropertyA
SetupDiRegisterDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetINFClassA

shlwapi

PathFindExtensionA
PathRemoveFileSpecA

user32

PostThreadMessageA
LoadStringA
MessageBoxA
CharNextA
GetMessageA
DispatchMessageA

advapi32

CreateServiceA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenSCManagerA
OpenServiceA
CloseServiceHandle
SetServiceStatus
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteValueA
DeleteService
ControlService
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CopySid
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
OpenProcessToken
OpenThreadToken
GetTokenInformation
LookupAccountSidA
StartServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
StringFromGUID2

msvcrt

??3@YAXPAX@Z
memmove
fopen
fread
fclose
ctime
time
srand
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_mbsnbcpy
_mbsnbicmp
atoi
strlen
strcpy
_mbsicmp
strcat
memcmp
memset
realloc
malloc
free
??2@YAPAXI@Z
rand
memcpy
puts
vsprintf
__CxxFrameHandler

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a978b226bd6eb32e3088d97ef8194a70

Headers

File Characteristics

Imports

kernel32

oleaut32

setupapi

shlwapi

user32

advapi32

ole32

msvcrt

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 12KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 12KB

.UPX0
Size: 104KB - Virtual size: 252KB