f25acdae08f1d90805a0919db151fd7a46b31e4ac28dbd4f5e8988a9631416ca

Sharing

Copy URL

Twitter E-mail

General

Target

f25acdae08f1d90805a0919db151fd7a46b31e4ac28dbd4f5e8988a9631416ca
Size

832KB
MD5

09efafd8a873f21ece50526a592d8180
SHA1

b0976edc091e5b0602f75a4242cf31310de9e294
SHA256

f25acdae08f1d90805a0919db151fd7a46b31e4ac28dbd4f5e8988a9631416ca
SHA512

fd26dfe9800d12d9fcb1f3ebeb5856eda365d494af9a7360887c31a833f86a20cfa6b75fc9a64550a9eef1e056df039ccab535728f22161ff97866c574215f3e
SSDEEP

24576:bDrNM4VvlbLS/7SfKq0X89wtkp2L6CesNIJ7Pt7tsf7KP6vhs/I+:frf0X3k1Pt7ts0Ghq

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

f25acdae08f1d90805a0919db151fd7a46b31e4ac28dbd4f5e8988a9631416ca
.exe windows x86

482e227bec9d47e0ab6c2e6675cd137b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oci

lxscat
lstcpn
lxsCntChar
lcv42b
lxoCnvCase
lmxconpar
lxsCpStr
slspool
upiarc
lxoSkip
lxmdigx
lxoCpChar
upigml
upisto
lxsCnvEqui
upidbg
lsfp
upista8
lxsTrnStr
lxsCntByte
lxmdssln
lxmr2w
lxmdspx
lxmalpx
lxmalnx
lxhnmod
lxhnsize
upiosd
upidsc
upih2o
upiopn
upicls
upidpr
upidfn
upiefn
lxsCnvIntToNumStr
lstcprs
lfimknam
lfilini
lfiopn
lxhnlangid
lnxgfs
ldxdts
lxoCnvNumStrToInt
lxmblax
lxoCpToOp
lxsRepStr
lfvini
lxlinit
lxinitc
lxhLangEnv
lxhnamemap
lpminit
lpmloadpkg
lsfini
lmlinit
lpuinit
lfpinit
lxhcsn
ldxsto
ldxmdsz
ldxmxsz
lxCmpStr
kpusvcrh
kpusvc2hst
lxoCvChar
lxmc2wx
lstrtb
lstss
lcvb2w
lxoSchPat
lxoPadStr
OCITypeByName
OCITypeTypeCode
OCITypeName
OCIObjectUnpin
OCITypeAttrs
OCITypeIterNew
OCITypeAttrNext
OCITypeElemName
OCITypeIterFree
OCITypeCollElem
OCITypeCollTypeCode
OCITypeCollSize
OCITypeElemExtTypeCode
OCITypeElemTypeCode
OCITypeElemType
OCITypeElemLength
OCIObjectMarkDelete
OCIObjectGetAttr
OCIIterCreate
OCIIterNext
OCIIterDelete
OCIIntervalToText
OCIDateTimeToText
OCILobGetLength
OCITypeElemCharSetForm
OCIDateToText
OCINumberToText
OCIStringSize
lxsCatStr
OCIRefHexSize
OCIRefToHex
OCIDescriptorAlloc
OCIPStreamFromXMLType
OCIPStreamClose
OCIObjectFree
OCIPStreamRead
OCILobLocatorIsInit
OCICollGetElem
OCIClientVersion
OCILobFileGetName
OCIStmtRelease
OCINumberToInt
OCIAnyDataAccess
OCIAnyDataGetType
OCIServerRelease
OCIEnvNlsCreate
OCIEnvCreate
OCIObjectGetTypeRef
OCIObjectPin
OCIObjectNew
OCILobFreeTemporary
OCILobIsTemporary
OCILogoff
OCILogon
OCIResultSetToStmt
OCIAttrSet
OCIAttrGet
OCIBreak
OCILobRead
OCIErrorGet
OCITransRollback
OCITransCommit
OCIParamGet
OCIDescribeAny
OCIStmtGetBindInfo
OCIStmtFetch
OCIDefineObject
OCIDefineByPos
OCIStmtExecute
OCIStmtSetPieceInfo
OCIStmtGetPieceInfo
OCIBindObject
OCIBindByName
OCIBindByPos
OCIStmtPrepare2
OCIPasswordChange
OCISessionBegin
OCISessionEnd
OCIServerDetach
OCIServerAttach
OCIDescriptorFree
OCIHandleFree
OCIHandleAlloc
OCIRawSize
OCIRawPtr
lfimkpth
lfignam
lxsCntDisp
lxmlowx
nigsui
lfvtyp
lstprintf
lsfmai
lmsaicmt
lmsacin
lmsacbn
lmsagbf
lmsatrm
lxmcpbx
lxhschar
lpucompose
lxmnceq
lxwc2lx
lpuparse
lpuresolve
lxgratio
sqlrv8c
sqlcxt
sqlaldt
sqlfcn
sqlclut
sqlnult
lctbnam
sqlprct
slzgetevar
sltln
slfnp
slgfn
lfird
lfiwr
lfipthad
lpuopen
lpuread
lpuclose
lpuerror
sqlglmt
lxoCmpStr
upinbls
lmlterm
lputerm
lpmterm
lpmdelete
lsfcln
lxlterm
lfifpo
lfifno
lficls
nigcui
slemdsp
lemgem
lxoCnvCh2Wide
slfpflt
slfpdlt
lnxnur
slfpfgt
slfpdgt
lnxadd
slfpfadd
slfpdadd
lcvb24
lxsCnvCase
lstup
lnxsqr
lnxdiv
lnxmul
slfpfsqrt
slfpf2s
slfpf2fs
slfpfsub
slfpfdiv
slfpfmul
slfpdsqrt
slfpd2s
slfpd2fs
slfpdsub
slfpddiv
slfpdmul
lnxnfng
lnxnucg
lnxmin
lxoCpDisp
lxmcpen
slfpfeq
slfpdeq
slfpf2sb
slfpfisinf
slfpfisnan
slfpd2sb
slfpdisinf
slfpdisnan
lxoCmpNStr
lnxsni
lnxsub
lxscop
lxoCpStr
lxmfwdx
lxoWriChar
lxoCnvIntToNumStr
lnxfcng
lnxscng
slfpfs2d
slfpfs2f
lnxpflg
ldxstd
sldxgd
ldxsti
ldxini
lxhlinfo
lnxcpng
slfps2de
slfps2fe
lxsCmpStr
lfiflu
lxsulen
lxmspax
lxmctex
OCIStringPtr
lxmopen

oraclient10

upinblc

kernel32

GetVersion
WaitForSingleObject
CloseHandle
CreateProcessA
ExitProcess
GetLastError
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
IsDBCSLeadByte
GlobalReAlloc
WriteFile
CreateFileA
ReadFile
GetModuleHandleA
GetStartupInfoA

user32

wsprintfA
GetDlgItemInt
SetDlgItemInt
CheckRadioButton
IsDlgButtonChecked
TranslateMessage
DispatchMessageA
PeekMessageA
GetMessageA
TranslateAcceleratorA
CopyRect
IntersectRect
IsRectEmpty
EqualRect
GetClipboardData
CheckDlgButton
CreateMenu
AppendMenuA
GetWindowRect
GetDesktopWindow
IsWindowEnabled
SendDlgItemMessageA
GetDlgItemTextA
SetDlgItemTextA
EndDialog
SetRect
InvertRect
GetSysColor
GetCaretPos
MessageBoxA
RegisterWindowMessageA
SendMessageA
SetCaretPos
ShowCaret
HideCaret
CreateCaret
MessageBeep
SetScrollRange
SetScrollPos
ScrollWindow
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
TabbedTextOutA
EnableMenuItem
GetMenu
ReleaseCapture
SetCapture
GetAsyncKeyState
GetKeyState
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
PostQuitMessage
DefWindowProcA
GetClientRect
UpdateWindow
DrawMenuBar
SetMenu
LoadAcceleratorsA
IsWindowVisible
ShowWindow
CreateWindowExA
LoadIconA
LoadCursorA
RegisterClassA
GetForegroundWindow
DialogBoxParamA
SetMessageQueue
DestroyWindow
EnableWindow
SetFocus
GetDlgItem
SetForegroundWindow
SetActiveWindow
PostMessageA
SetWindowTextA

gdi32

GetStockObject
SelectObject
SetBkColor
SetTextColor
GetTextMetricsA
TextOutA
CreateFontA
EnumFontFamiliesA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

msvcr71

__p___argv
strncat
_strnset
strstr
atoi
_strdup
_strlwr
_expand
_heapchk
tolower
_vsnprintf
__p___argc
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
isdigit
_ftime
strtok
free
_itoa
getenv
realloc
malloc
strncpy
printf
_errno
strcspn
strchr
memchr
vsprintf
_setjmp3
longjmp
sprintf
_c_exit
memset
_stricmp

Sections

.text
Size: 512KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

482e227bec9d47e0ab6c2e6675cd137b

Headers

File Characteristics

Imports

oci

oraclient10

kernel32

user32

gdi32

comdlg32

msvcr71

Sections

.text Size: 512KB - Virtual size: 510KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 147KB

.rsrc Size: 8KB - Virtual size: 5KB

.UPX Size: 244KB - Virtual size: 244KB

.text
Size: 512KB - Virtual size: 510KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 147KB

.rsrc
Size: 8KB - Virtual size: 5KB

.UPX
Size: 244KB - Virtual size: 244KB