20c9830add4f8eec1a85df3f75fa84e54d6426d738ccffc9b75414f09a704f5c

Sharing

Copy URL Twitter E-mail

General

Target

20c9830add4f8eec1a85df3f75fa84e54d6426d738ccffc9b75414f09a704f5c
Size

202KB
MD5

1349803d73270250574d3fe43622f43d
SHA1

fbfefc8cc8df31e5301021b9b96574a03d854ef8
SHA256

20c9830add4f8eec1a85df3f75fa84e54d6426d738ccffc9b75414f09a704f5c
SHA512

f8ee9ac30b575e87a2cc4084beb0eb5e2c87a9fc9ba52950651025089a497fef272daf164f8be8f648ca7eda3d10af5bf4d33347baf65fca086b14a9233b00ee
SSDEEP

6144:ONSGhUeERWmUgGxwaLH5o09ScOPoVDsyXKGVqRrCc:+SGhUeEsN/xwaFo0kcLVDsfC

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

20c9830add4f8eec1a85df3f75fa84e54d6426d738ccffc9b75414f09a704f5c
.exe windows x86

745c1719885274b3150160c66b467053

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__CxxFrameHandler
calloc
strncpy
strtoul
sprintf
_snwprintf
wcsrchr
iswalpha
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_purecall
realloc
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_onexit
_controlfp
swscanf
iswdigit
iswcntrl
_vsnprintf
wcsncmp
wcschr
_wtoi
wcscmp
towupper
wcsncpy
_strnicmp
strchr
wcscspn
wcsspn
__dllonexit
iswascii
_snprintf
_beginthreadex
_ultoa
_except_handler3
_stricmp
sscanf
malloc
free
_wcsnicmp
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnwprintf
_ultow
wcslen

advapi32

RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
GetLengthSid
MakeAbsoluteSD
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegEnumValueW
RegDeleteValueW
GetTokenInformation
OpenProcessToken
GetAce
GetAclInformation
AddAce
AddAccessDeniedAce
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
FreeSid
AllocateAndInitializeSid
RegEnumKeyExA
AddAccessAllowedAce
EqualSid
DeleteAce
RegOpenKeyExW

kernel32

HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetLastError
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
CreateThread
CreateSemaphoreA
GetVersionExA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
lstrlenW
InterlockedDecrement
IsDBCSLeadByte
lstrcmpiA
lstrcatA
lstrcpynA
lstrcpyA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
CreateEventA
HeapSize
WaitForSingleObjectEx
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
SetEvent
InterlockedCompareExchange
LocalFree
LoadLibraryW
LocalAlloc
GetVersionExW
WaitForSingleObject
CreateEventW
GetSystemDirectoryA
GetModuleFileNameW
GetExitCodeProcess
OpenProcess
GetComputerNameW
GetModuleHandleA
SetThreadPriority
GetCurrentThread
lstrlenA
FreeLibraryAndExitThread

user32

CharNextA
PostThreadMessageA
CharPrevA
DispatchMessageA
GetMessageA
RegisterClassA
CreateWindowExA
SetWindowLongA
DestroyWindow
PostQuitMessage
GetWindowLongA
DefWindowProcA
PostMessageA

ole32

CoInitialize
CoCreateInstance
CoSuspendClassObjects
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
CoUninitialize
CoCreateGuid

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysStringLen

wininet

InternetOpenW
HttpOpenRequestW
InternetQueryDataAvailable
HttpSendRequestExW
HttpEndRequestA
HttpQueryInfoA
InternetReadFile
InternetErrorDlg
HttpQueryInfoW
InternetSetOptionA
InternetCrackUrlW
InternetConnectW
InternetCloseHandle
InternetQueryOptionA

wsock32

connect
sendto
recv
WSASetLastError
getservbyport
ntohs
setsockopt
ntohl
WSAStartup
WSACleanup
inet_ntoa
getsockname
getpeername
WSAAsyncSelect
getsockopt
closesocket
shutdown
bind
socket
gethostbyaddr
htons
getservbyname
htonl
inet_addr
gethostbyname
WSAGetLastError
ioctlsocket
send

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

745c1719885274b3150160c66b467053

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ole32

oleaut32

wininet

wsock32

Sections

.text Size: 91KB - Virtual size: 90KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 91KB - Virtual size: 90KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.UPX0
Size: 108KB - Virtual size: 260KB