df4b88b9292e4bfc2277acf5165e3f3a45808534d1c3d1b9fef8401b8c5f2ac2

Sharing

Copy URL Twitter E-mail

General

Target

df4b88b9292e4bfc2277acf5165e3f3a45808534d1c3d1b9fef8401b8c5f2ac2
Size

396KB
MD5

0c9224f1f129d63fecf0b7fccfb7b040
SHA1

88cf69870bc82c538b8b843e8b03f5a0226a32dc
SHA256

df4b88b9292e4bfc2277acf5165e3f3a45808534d1c3d1b9fef8401b8c5f2ac2
SHA512

f823446285e6e2026712533ec1cd16296036ae6e98da23caf6c93d299add9f38b2289313db286335a97fa6202c2cf55b4c3d46f80be30c8c42f3aacd5ba1aaf9
SSDEEP

6144:zWKe8y3hPd73EEmKclRDvO4SIA1AT+UBiPVCi55bdbP9GwCUKMCux71:7yxPF3EDbDvJAmTs9C+hGaCkh

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

df4b88b9292e4bfc2277acf5165e3f3a45808534d1c3d1b9fef8401b8c5f2ac2
.exe windows x86

d0283afaa542e67e5e607e3f3136ade7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
FindNextFileA
UnmapViewOfFile
ExitThread
LoadLibraryA
GetLastError
FindClose
GetProcAddress
SystemTimeToFileTime
Sleep
IsDBCSLeadByte
ResumeThread
SuspendThread
SetFileTime
SetFileAttributesA
CreateDirectoryA
GetFileAttributesA
GetSystemTime
GetFileSize
FreeLibrary
CreateFileMappingA
MapViewOfFile
IsBadReadPtr
GetTickCount
CreateThread
GetFullPathNameA
CreateFileA
SetFilePointer
WriteFile
GetCurrentDirectoryA
GetWindowsDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetFileInformationByHandle
GetLocalTime
GetComputerNameA
HeapFree
GetStartupInfoA
GetCommandLineA
GetModuleHandleA
HeapDestroy
HeapCreate
ExitProcess
VirtualAlloc
VirtualFree
GetCurrentProcess
WideCharToMultiByte
TerminateProcess
LCMapStringA
LCMapStringW
MultiByteToWideChar
GetModuleFileNameA
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetVersion
HeapAlloc
HeapReAlloc

user32

EndDialog
SetDlgItemTextA
DispatchMessageA
TranslateMessage
GetMessageA
DefWindowProcA
CreateDialogParamA
DialogBoxParamA
GetWindowLongA
TranslateAcceleratorA
GetDlgItem
GetParent
IsWindow
UpdateWindow
GetDlgItemTextA
BringWindowToTop
SystemParametersInfoA
AttachThreadInput
GetWindowThreadProcessId
IsWindowEnabled
DeferWindowPos
RegisterHotKey
DestroyWindow
CreateWindowExA
PeekMessageA
CallWindowProcA
LoadMenuA
GetSubMenu
GetMenuItemCount
GetMenuStringA
SetWindowLongA
CreatePopupMenu
ModifyMenuA
BeginDeferWindowPos
AppendMenuA
DestroyMenu
GetAsyncKeyState
KillTimer
SetTimer
RegisterWindowMessageA
LoadAcceleratorsA
GetSystemMetrics
SendMessageA
MessageBoxA
LoadIconA
LoadCursorA
GetWindowRect
GetClientRect
SetCapture
SendDlgItemMessageA
GetWindow
InvalidateRgn
ReleaseCapture
MoveWindow
EndDeferWindowPos
IsWindowVisible
IsDlgButtonChecked
SetActiveWindow
GetForegroundWindow
GetWindowTextA
FindWindowA
RegisterClassA
SetForegroundWindow
PostQuitMessage
wsprintfA
PostMessageA
UnregisterHotKey
SetCursor
GetWindowPlacement
EnableWindow
ShowWindow
SetClassLongA
SetWindowPlacement
SetFocus
GetMessagePos
FlashWindow
SetWindowTextA
CreateMenu
TrackPopupMenu
MessageBeep
GetSystemMenu
InsertMenuA
GetMenuItemID
SetWindowWord
DeleteMenu
GetWindowWord
ScreenToClient
GetCursorPos
IsDialogMessageA

gdi32

CreateFontIndirectA
DeleteObject
GetObjectA

comdlg32

GetSaveFileNameA
ChooseFontA
GetOpenFileNameA

advapi32

RegDeleteKeyA
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA

shell32

DragFinish
SHGetMalloc
DragQueryFileA
SHGetPathFromIDListA
ExtractIconA
SHBrowseForFolderA
ShellExecuteA
Shell_NotifyIconA

ole32

CoInitialize
CoUninitialize

winmm

PlaySoundA

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ord17

wsock32

accept
recvfrom
connect
ntohl
sendto
WSACleanup
WSAStartup
socket
bind
WSAAsyncSelect
inet_ntoa
listen
gethostbyname
WSAGetLastError
send
select
recv
closesocket
htons
inet_addr
setsockopt
ioctlsocket

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d0283afaa542e67e5e607e3f3136ade7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

winmm

comctl32

wsock32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 16KB - Virtual size: 13KB

.rsrc Size: 16KB - Virtual size: 52KB

.UPX Size: 244KB - Virtual size: 244KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 16KB - Virtual size: 52KB

.UPX
Size: 244KB - Virtual size: 244KB