cd4e9e74ab65587d86d8b433ebefedb29457f56622f4ad3a8daff73c60c2e937

Sharing

Copy URL

Twitter E-mail

General

Target

cd4e9e74ab65587d86d8b433ebefedb29457f56622f4ad3a8daff73c60c2e937
Size

1.3MB
MD5

0f4c9d4bfbbc70a9c7c2916e1768213c
SHA1

2f5ba1f61f47cf8f3b822c709532aa7a8c8320f2
SHA256

cd4e9e74ab65587d86d8b433ebefedb29457f56622f4ad3a8daff73c60c2e937
SHA512

1d543f2991ec0d4d24bbeced6676ba0be62ea115058c270d6b83e26304a894523fe3fb7706ec87ce6234c98b8945fcd1f478bd03a10ad0a41e74f08f5af645f2
SSDEEP

24576:QSCTFByI91ff1kKgHeJa3xqO5D/83ginRO/qRjUa3lG2euJDS6hM:Wp9h9eEg/viRhJPle0DSF

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

cd4e9e74ab65587d86d8b433ebefedb29457f56622f4ad3a8daff73c60c2e937
.exe windows x86

ba5f7c272ee24b5904c31368971b7e0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
ConnectNamedPipe
CreateEventW
GetExitCodeProcess
CreateNamedPipeW
GetDriveTypeW
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetConsoleWindow
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CompareStringW
MultiByteToWideChar
GetACP
GetOEMCP
GetCPInfo
GetCPInfoExW
EnumSystemCodePagesW
SetConsoleTitleW
GetTickCount
GetConsoleScreenBufferInfo
GetStdHandle
GetShortPathNameW
GetLongPathNameW
GetLocaleInfoW
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
InterlockedDecrement
InterlockedIncrement
GetDiskFreeSpaceW
SetEnvironmentVariableW
WideCharToMultiByte
GetLogicalDrives
FlushFileBuffers
GetConsoleAliasW
SetConsoleOutputCP
SetConsoleCP
SetConsoleWindowInfo
SetConsoleScreenBufferSize
AllocConsole
FreeConsole
ReadConsoleInputW
PeekConsoleInputW
CreateProcessW
GetConsoleOutputCP
GetConsoleCP
FreeLibrary
GetProcAddress
LoadLibraryW
GetEnvironmentVariableW
GetTempPathW
GetVolumeInformationW
GetFileSizeEx
SetFilePointerEx
GetLogicalDriveStringsW
SearchPathW
QueryDosDeviceW
GetModuleFileNameW
GetConsoleTitleW
MoveFileW
ExpandEnvironmentStringsW
GetFileType
GetDiskFreeSpaceExW
GetCompressedFileSizeW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemTime
GetSystemTimeAsFileTime
FileTimeToDosDateTime
LCMapStringW
ReleaseMutex
GetCurrentProcess
WaitForMultipleObjects
CreateThread
CreateMutexW
GetFileInformationByHandle
SetVolumeMountPointW
GetOverlappedResult
FindCloseChangeNotification
FindFirstChangeNotificationW
GetModuleHandleW
GlobalMemoryStatusEx
GetComputerNameW
GetComputerNameExW
SetConsoleMode
GetConsoleMode
FlushConsoleInputBuffer
WriteConsoleInputW
SetConsoleCursorPosition
SetConsoleCursorInfo
GetConsoleCursorInfo
SetConsoleTextAttribute
WriteConsoleOutputW
ReadConsoleOutputW
GetConsoleDisplayMode
SetConsoleActiveScreenBuffer
GetLargestConsoleWindowSize
SetConsoleCtrlHandler
CompareStringA
GetSystemInfo
IsDebuggerPresent
GetVersionExW
GetProcessHeap
LocalFree
FormatMessageW
GetTempFileNameW
OpenProcess
SetFileApisToOEM
LoadLibraryExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CompareFileTime
GetNumberFormatW
SetStdHandle
WriteProcessMemory
VirtualProtect
RaiseException
CreateFileA
SetEnvironmentVariableA
WriteConsoleW
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
LoadLibraryA
LCMapStringA
InitializeCriticalSectionAndSpinCount
VirtualQuery
SetFilePointer
VirtualAlloc
VirtualFree
HeapCreate
RtlUnwind
GetStartupInfoA
SetHandleCount
IsValidCodePage
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
HeapReAlloc
HeapSize
HeapAlloc
HeapFree
GetTimeZoneInformation
TerminateProcess
SetErrorMode
WaitNamedPipeW
CreateFileW
GetCurrentProcessId
Sleep
DeviceIoControl
SetFileTime
GetFileTime
SetEndOfFile
FindClose
FindNextFileW
FindFirstFileW
CreateHardLinkW
SetFileAttributesW
GetFileAttributesW
MoveFileExW
CopyFileExW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
DisconnectNamedPipe
CloseHandle
WriteFile
ReadFile
SetLastError
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
DefineDosDeviceW
InitializeCriticalSection

user32

IsCharUpperW
CharToOemBuffW
CharLowerW
FlashWindowEx
GetWindowInfo
CharUpperBuffW
RegisterClipboardFormatW
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EmptyClipboard
IsCharAlphaW
IsIconic
IsZoomed
CharUpperW
MessageBeep
CloseClipboard
IsWindowVisible
EnumWindows
GetWindowThreadProcessId
SystemParametersInfoW
SetForegroundWindow
GetWindowPlacement
ShowWindowAsync
OpenClipboard
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
wsprintfW
WaitForInputIdle
PostMessageW
IsCharAlphaNumericA
OemToCharBuffA
CharToOemA
OemToCharA
IsCharAlphaA
IsCharLowerA
IsCharUpperA
CharUpperA
CharLowerA
GetKeyboardLayoutList
ToUnicodeEx
VkKeyScanW
MapVirtualKeyW
GetKeyState
keybd_event
IsCharLowerW
CharLowerBuffW
IsCharAlphaNumericW
SendMessageW
CopyIcon
GetDoubleClickTime

winspool.drv

ClosePrinter
EnumPrintersW
OpenPrinterW
StartDocPrinterW
WritePrinter
ord203
EndDocPrinter

advapi32

GetLengthSid
LookupAccountSidW
LookupAccountNameW
SetNamedSecurityInfoW
EncryptFileW
DecryptFileW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetFileSecurityW
SetFileSecurityW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
EqualSid
IsValidSid
GetSecurityDescriptorOwner
IsTextUnicode
RegSetValueExW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
CopySid

shell32

ShellExecuteExW
ShellExecuteW
ExtractIconExW
SHFileOperationW

mpr

WNetCloseEnum
WNetGetConnectionW
WNetCancelConnection2W
WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetGetUniversalNameW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

secur32

GetUserNameExW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba5f7c272ee24b5904c31368971b7e0f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

shell32

mpr

ole32

secur32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 70KB - Virtual size: 253KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 39KB - Virtual size: 38KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 70KB - Virtual size: 253KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 39KB - Virtual size: 38KB

.UPX0
Size: 104KB - Virtual size: 252KB