db6ef0fb8a09e3e193f32e8bdc55ed75e8c3c88a2a081fd97bc068902f82ee5d

Sharing

Copy URL

Twitter E-mail

General

Target

db6ef0fb8a09e3e193f32e8bdc55ed75e8c3c88a2a081fd97bc068902f82ee5d
Size

312KB
MD5

0fc898ac90039678acb755f4bc8a40e2
SHA1

de01e232b99b995a90dc6713449774c3655c251e
SHA256

db6ef0fb8a09e3e193f32e8bdc55ed75e8c3c88a2a081fd97bc068902f82ee5d
SHA512

b85505c735974076eabb5690b4747c79d48f79ec271cd64f9c754d543380feecbedb5539daffd51637fdbcd418362ae5aa05928c37eded09acddfa7aa6857ca9
SSDEEP

6144:PVzc8JNX3lnTPL2STxinek3hiA7rXIB/qfunfieFlk9:Zc8L3lnH2Snk3YA7rXIBCGnKeQ9

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

db6ef0fb8a09e3e193f32e8bdc55ed75e8c3c88a2a081fd97bc068902f82ee5d
.exe windows x86

6438cc9e34ecfac41d614bd4b5ed016c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
CloseServiceHandle
ReportEventW
DeregisterEventSource
RegisterEventSourceW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegConnectRegistryW
StartServiceW
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
ControlService
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
InitializeSecurityDescriptor
QueryServiceStatus

kernel32

GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CreateFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
lstrcmpiW
GetSystemDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
OutputDebugStringW
FormatMessageW
CompareFileTime
CreateFileW
ReadFile
WriteFile
LocalFree
SetLastError
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
LoadLibraryW
GetProcAddress
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
MoveFileExW
GetTempPathW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
InterlockedCompareExchange
CompareStringW
WideCharToMultiByte
InterlockedExchange
GetVersionExA
GetLastError
lstrlenW
HeapSetInformation
GetCommandLineW
GetCurrentThreadId
Sleep
CreateEventW
CreateThread
SetEvent
RaiseException
WaitForSingleObject
CloseHandle
QueueUserWorkItem
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection

user32

CharNextW
GetMessageW
DispatchMessageW
PostThreadMessageW
LoadStringW
UnregisterClassA

msvcrt

_wcsicmp
wcsrchr
wcschr
_vsnwprintf
wcstoul
wcstol
_open
_close
_lseek
remove
_wopen
??3@YAXPAX@Z
??_V@YAXPAX@Z
_cexit
_purecall
malloc
free
??_U@YAPAXI@Z
memset
_errno
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
realloc
_unlock
__dllonexit
_read
_write
__CxxFrameHandler
__wgetmainargs
_lock
_onexit
memcpy
memmove
?terminate@@YAXXZ
_controlfp
??2@YAPAXI@Z

ntdll

RtlUnwind

ole32

StringFromGUID2
CoUninitialize
CoInitializeEx
CoCreateInstance
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
VariantInit
SysStringLen

netapi32

NetShareGetInfo
NetApiBufferFree

ws2_32

WSAStartup
WSACleanup

mscms

GetColorDirectoryW
WcsEnumColorProfiles
WcsEnumColorProfilesSize
WcsAssociateColorProfileWithDevice
InstallColorProfileW

winspool.drv

GetPrinterDriverPackagePathW
GetPrinterDataExW
GetPrinterW
XcvDataW
OpenPrinterW
EnumFormsW
ClosePrinter
EnumPrintProcessorsW
EnumPortsW
EnumPrinterDriversW
EnumPrintersW
GetPrinterDriverDirectoryW
UploadPrinterDriverPackageW
EnumPrinterKeyW
EnumPrinterDataExW
SetPrinterDataW
AddPrinterW
SetPrinterW
SetPrinterDataExW
GetPrintProcessorDirectoryW
AddPrintProcessorW
AddPrinterDriverExW
InstallPrinterDriverFromPackageW
AddMonitorW
AddFormW
GetPrinterDataW

clusapi

GetClusterResourceKey
ClusterRegCloseKey
ClusterRegQueryValue
ClusterRegOpenKey
ClusterResourceEnum
ClusterResourceControl
CloseClusterNode
OpenClusterNode
OpenCluster
OfflineClusterResource
OnlineClusterResource
GetClusterResourceState
CloseCluster
ClusterResourceOpenEnum
OpenClusterResource
CloseClusterResource
ClusterResourceCloseEnum

resutils

ResUtilGetResourceName
ResUtilFindDependentDiskResourceDriveLetter
ResUtilEnumResourcesEx
ResUtilResourceTypesEqual
ResUtilFindSzProperty

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

??0CTcpMib@@QAE@ABV0@@Z
??0CTcpMib@@QAE@XZ
??1CTcpMib@@UAE@XZ
??4CTcpMib@@QAEAAV0@ABV0@@Z
??_7CTcpMib@@6B@

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6438cc9e34ecfac41d614bd4b5ed016c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

oleaut32

netapi32

ws2_32

mscms

winspool.drv

clusapi

resutils

version

Exports

Exports

Sections

.text Size: 170KB - Virtual size: 169KB

.data Size: 1KB - Virtual size: 7KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 7KB - Virtual size: 6KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 170KB - Virtual size: 169KB

.data
Size: 1KB - Virtual size: 7KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 7KB - Virtual size: 6KB

.UPX0
Size: 108KB - Virtual size: 260KB