9fb1495187c85b5873e8285a0b3db37b6673b2ad8bd28202b11ed4879700c5fe

Sharing

Copy URL Twitter E-mail

General

Target

9fb1495187c85b5873e8285a0b3db37b6673b2ad8bd28202b11ed4879700c5fe
Size

264KB
MD5

0cda703208c1862f4098b41396e9a76e
SHA1

31628f68384251add3fba9eddab9cc014702f001
SHA256

9fb1495187c85b5873e8285a0b3db37b6673b2ad8bd28202b11ed4879700c5fe
SHA512

4297c0938eaa8ca1261544fba36e275cb8a41303127fc13ffc2fd8ba46fe04ec8e93e2cbb0406906200139830162f064704b935bc266cbc8c8e363d5e9662e6d
SSDEEP

6144:eo/PE80aXPkFF+3KMwJBuPNEtdzgGjXbyL:eoPXPkFF+3KMwJBuPKtdzkL

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

9fb1495187c85b5873e8285a0b3db37b6673b2ad8bd28202b11ed4879700c5fe
.exe windows x86

1c7a58f1a59fdbde3b2262fdb8832b71

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionA
PathFileExistsA
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

ddraw

DirectDrawCreateEx

d3d9

Direct3DCreate9

mfc71

ord923
ord928
ord932
ord930
ord934
ord2410
ord2394
ord2413
ord2408
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5165
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4265
ord635
ord664
ord427
ord395
ord4541
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord5960
ord4261
ord3333
ord566
ord757
ord1144
ord1128
ord2248
ord1917
ord1160
ord1161
ord593
ord5119
ord334
ord1054
ord1185
ord3255
ord865
ord911
ord6178
ord3684
ord3596
ord4100
ord2094
ord3244
ord1955
ord2371
ord1283
ord1063
ord3946
ord5152
ord5214
ord4282
ord5175
ord572
ord760
ord5331
ord6297
ord5320
ord6286
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord300
ord1600
ord4277
ord4722
ord3403
ord1306
ord2173
ord5205
ord4185
ord5073
ord581
ord1167
ord1092
ord1209
ord1908
ord5148
ord4244
ord1402
ord3945
ord1617
ord1620
ord5915
ord1557
ord4019
ord2424
ord2425
ord2992
ord5356
ord943
ord4904
ord2939
ord4135
ord4309
ord5012
ord5009
ord2615
ord1913
ord2246
ord4342
ord6275
ord2468
ord5403
ord4299
ord2271
ord3997
ord5563
ord5529
ord6138
ord4104
ord3934
ord4067
ord870
ord781
ord314
ord2322
ord784
ord1903
ord1482
ord6118
ord2933
ord299
ord2902
ord1489
ord297
ord310
ord3466
ord1084
ord762
ord3648
ord764
ord876
ord578
ord304
ord265
ord266
ord1187
ord1191
ord315
ord765
ord4481
ord1207

msvcr71

__CxxFrameHandler
_mbsicmp
_localtime64
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_splitpath
swprintf
_makepath
_time64
_vsnprintf
wcscpy
_except_handler3
_resetstkoflw
free
malloc
_stricmp
_setmbcp
sprintf
fclose
sscanf
strstr
fgets
fopen
fputs
_purecall
wcsncpy
realloc
ceil
memset
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

OutputDebugStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CloseHandle
TerminateProcess
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetPrivateProfileSectionA
GetModuleFileNameA
GetFileAttributesA
GetPrivateProfileStringA
FindClose
FindFirstFileA
CreateMutexA
GetModuleHandleA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
DeleteFileA
GetVersionExW
InterlockedIncrement
InterlockedDecrement
lstrcpynA
lstrcpyA
lstrcatA
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
GetCommandLineA
GetCurrentThreadId
CreateDirectoryA
LocalFree
LocalAlloc
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetPrivateProfileIntA
LoadLibraryExA
WritePrivateProfileStringA
GetModuleFileNameW
FreeLibrary
GetProcAddress
FindNextFileA
LoadLibraryA

user32

EnableWindow
GetCursorPos
TrackPopupMenu
SetMenuDefaultItem
SetForegroundWindow
SendMessageA
LoadMenuA
GetSubMenu
GetMenuItemID
GetClassInfoA
CharNextA
FindWindowA
RegisterWindowMessageA
UnhookWindowsHookEx
DestroyIcon
PostQuitMessage
LoadIconA
IsWindow
SetWindowsHookExA
GetKeyState
CallNextHookEx
wsprintfA
KillTimer
SetTimer
PostMessageA

advapi32

RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoInitialize
GetRunningObjectTable
CreateClassMoniker
CoCreateInstance

oleaut32

SysAllocStringLen
VariantClear
VariantInit
VarBstrCmp
SysStringLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c7a58f1a59fdbde3b2262fdb8832b71

Headers

File Characteristics

Imports

shlwapi

ddraw

d3d9

mfc71

msvcr71

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp71

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 28KB - Virtual size: 27KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 28KB - Virtual size: 27KB

UPX0
Size: 144KB - Virtual size: 380KB