966dec77f2aee909eaf3ddd444f5f4b4c4717565680e02e140d7aab653308d45

Sharing

Copy URL Twitter E-mail

General

Target

966dec77f2aee909eaf3ddd444f5f4b4c4717565680e02e140d7aab653308d45
Size

1023KB
MD5

0e3aa1b453b27ad04ddb5a5e37e82680
SHA1

6caaaeaf17b83c05a40e697fecef0572a7ae4d18
SHA256

966dec77f2aee909eaf3ddd444f5f4b4c4717565680e02e140d7aab653308d45
SHA512

274407d696026f2fd3cbb1d61e88b1ce10cfb650217e5cc7efc8357a4ee1abad938d31abbd8ea78dc85eab336c03ad4552593342f26b10438d35dd379c83d6c0
SSDEEP

12288:GHZ6R9TZQmCgVIfyjB+Djy7pRsXdH+tai0622M9knG4TDJmuGa4yAS+pVo:IZ6RxfQfY+DjwIXdH+tTXM9knjfYuGa

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

966dec77f2aee909eaf3ddd444f5f4b4c4717565680e02e140d7aab653308d45
.exe windows x86

0267abbb22d4850362a4b84c25971393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegOpenKeyExW
QueryServiceStatusEx
ControlService
SetServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
IsValidSid
CopySid
AddAce
InitializeAcl
GetAclInformation
SetSecurityDescriptorDacl
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegNotifyChangeKeyValue
DeregisterEventSource
ReportEventW
RegisterEventSourceW
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
ChangeServiceConfigW
StartServiceW
RegDeleteKeyW
SetSecurityInfo
RegEnumKeyExW
GetAce
GetSecurityInfo
EqualSid
SetSecurityDescriptorControl
RegGetKeySecurity
LookupAccountNameW
ConvertSidToStringSidW
RegQueryInfoKeyW
LookupAccountSidW
TraceEvent
GetTokenInformation
OpenProcessToken
RevertToSelf
ImpersonateLoggedOnUser
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

CreateTimerQueueTimer
ChangeTimerQueueTimer
MultiByteToWideChar
WriteFile
CreateFileW
CompareStringA
MulDiv
GetLongPathNameW
GetFullPathNameW
GetFileAttributesW
RemoveDirectoryW
UnregisterWaitEx
InterlockedCompareExchange
DeleteFileW
RegisterWaitForSingleObject
QueueUserWorkItem
FormatMessageW
CreateThread
WaitForMultipleObjects
GetStringTypeExW
DebugBreak
lstrcmpiW
GetComputerNameW
WideCharToMultiByte
lstrlenA
GetVersionExW
GetTempPathW
GetProcAddress
FreeLibrary
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
CreateEventW
SetLastError
SetThreadExecutionState
WaitForSingleObject
Sleep
GetTickCount
GetLastError
HeapSetInformation
CompareStringW
OpenEventW
SetEvent
InterlockedDecrement
InterlockedIncrement
lstrlenW
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
ExitProcess
GetCommandLineW
GetStartupInfoW
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
CreateTimerQueue
FreeEnvironmentStringsA
DeviceIoControl
GetModuleHandleA
OpenMutexW
CreateMutexW
ReleaseMutex
GetCurrentThread
GetThreadPriority
SetThreadPriority
FileTimeToSystemTime
FileTimeToDosDateTime
GetTempFileNameW
GlobalFree
GetModuleHandleW
ExpandEnvironmentStringsW
CreateDirectoryW
GetFileSizeEx
SetFilePointerEx
OpenFileMappingW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
DelayLoadFailureHook
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
LoadLibraryW
DeleteTimerQueueTimer
DeleteTimerQueueEx
InterlockedExchange
ResetEvent
VirtualAlloc
VirtualFree
GetFileAttributesExW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
FreeLibraryAndExitThread
GetFileSize
ReadFile
DuplicateHandle
InitializeCriticalSectionAndSpinCount
CreateFileMappingW
MapViewOfFile
GetSystemTime
SystemTimeToFileTime
UnmapViewOfFile
LocalAlloc
GetCurrentProcess
IsWow64Process
LocalFree
FreeEnvironmentStringsW
GetModuleFileNameW

msvcrt

_initterm
_cexit
_CIpow
_CIsqrt
__set_app_type
??1type_info@@UAE@XZ
realloc
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_time64
strncmp
_ultoa_s
_strlwr_s
strcpy_s
_wtol
_wcsicmp
wcsstr
iswdigit
wcstol
_wcsnicmp
wcsncmp
_wcslwr_s
_wcstoui64
_errno
wcstoul
towupper
memcpy
_CxxThrowException
memset
_ftol2
calloc
malloc
_purecall
free
wcscpy_s
_wputenv
__CxxFrameHandler3
memmove_s
memcpy_s
strchr
_vsnwprintf
memmove
ceil
_vsnprintf
wcschr
bsearch
_ftol2_sse
towlower

user32

CharUpperW
wvsprintfW
UnregisterPowerSettingNotification
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
RegisterPowerSettingNotification
TranslateMessage
PeekMessageW
DispatchMessageW
CharUpperBuffW
wvsprintfA
UnregisterClassA

oleaut32

VariantTimeToSystemTime
CreateErrorInfo
SetErrorInfo
SysStringByteLen
SystemTimeToVariantTime
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetElement
VariantChangeTypeEx
SysAllocStringByteLen
VariantInit
SafeArrayCopy
SafeArrayCreate
SafeArrayDestroy
VariantClear
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
SysFreeString

ole32

CoInitializeEx
CoUninitialize
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoUnmarshalInterface
CoInitializeSecurity
CoTaskMemAlloc
PropVariantClear
StringFromGUID2
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket
IIDFromString
CoCreateInstance

wsock32

WSAGetLastError

iphlpapi

GetIpNetEntry2
ResolveIpNetEntry2
CancelIPChangeNotify
GetIpAddrTable
GetAdaptersAddresses
GetBestInterfaceEx
NotifyAddrChange
SendARP

shlwapi

StrCmpNW
PathFindFileNameW
PathAppendW
PathFileExistsW
StrStrIW
ord437

wmpmde

MFCreateWMPMDEOpCenter
MFCreateNetVRoot

mfplat

CreatePropertyStore
MFCreateAsyncResult
MFInvokeCallback
MFStartup
MFShutdown

userenv

RegisterGPNotification
UnregisterGPNotification

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 148KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0267abbb22d4850362a4b84c25971393

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

oleaut32

ole32

wsock32

iphlpapi

shlwapi

wmpmde

mfplat

userenv

Sections

.text Size: 718KB - Virtual size: 718KB

.data Size: 13KB - Virtual size: 19KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 50KB - Virtual size: 49KB

UPX0 Size: 148KB - Virtual size: 384KB

.text
Size: 718KB - Virtual size: 718KB

.data
Size: 13KB - Virtual size: 19KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 50KB - Virtual size: 49KB

UPX0
Size: 148KB - Virtual size: 384KB