a1eb879ff239b0449f5e19ddc25b2a5e2d8ac75ca30472378a6351a1453e31ae

Sharing

Copy URL Twitter E-mail

General

Target

a1eb879ff239b0449f5e19ddc25b2a5e2d8ac75ca30472378a6351a1453e31ae
Size

352KB
MD5

0fee24e57279dfa9a9ea0041532971fc
SHA1

547282fdba063fc89561dbed2d563ac9a9d6f33c
SHA256

a1eb879ff239b0449f5e19ddc25b2a5e2d8ac75ca30472378a6351a1453e31ae
SHA512

8a13dab81bb203f0db5822e60c8c0e84c1a83b367b8722cd5d5d9f9d278a2942aa5aee31c8b949230247294b3d891168a571251a77007d62f55b47c1cdd3eecf
SSDEEP

6144:MYG4sTK+P7v0mj3ROHssdBD9NnsNeTz5:MYeP7vAH739VsNeT

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

a1eb879ff239b0449f5e19ddc25b2a5e2d8ac75ca30472378a6351a1453e31ae
.exe windows x86

728845521dec44b832be8d0b6ab919a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mmioClose
mmioOpenA
mmioRead
mmioDescend

kernel32

CreateMutexA
OpenMutexA
OpenEventA
CreateFileMappingA
OpenFileMappingA
OpenProcess
GetWindowsDirectoryA
GetSystemDirectoryA
FormatMessageA
lstrcpynA
MultiByteToWideChar
GetVersion
WideCharToMultiByte
GetLastError
GetStartupInfoA
GetCurrentProcessId
lstrcmpA
GetCurrentThread
GetCurrentProcess
GlobalAlloc
GetModuleHandleA
GetSystemInfo
lstrlenW
GetCurrentThreadId
OpenSemaphoreA
CreateSemaphoreA
ResetEvent
PulseEvent
ReleaseMutex
ReleaseSemaphore
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
WaitForSingleObject
WaitForMultipleObjectsEx
GetTickCount
GetShortPathNameA
GetModuleFileNameA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GlobalFree
GetProcAddress
FreeLibrary
lstrcpyA
LocalAlloc
lstrcmpiA
LocalFree
SetErrorMode
LoadLibraryA
CreateEventA
InterlockedDecrement
lstrlenA
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
MulDiv
SetEvent
GlobalLock
IsBadStringPtrA
GlobalUnlock
SetFilePointer
ReadFile
FindResourceA
LoadResource
LockResource
SizeofResource
VirtualProtect
FreeResource
CreateFileA
CloseHandle
OutputDebugStringA
GetFileAttributesA
lstrcatA
LoadLibraryExA

user32

DialogBoxParamA
PeekMessageA
MsgWaitForMultipleObjectsEx
CharPrevA
wsprintfA
ChangeClipboardChain
SystemParametersInfoA
GetSystemMetrics
LoadImageA
LoadIconA
GetSystemMenu
EnableMenuItem
SetWindowPos
SetClipboardViewer
OpenClipboard
GetClipboardData
EnableWindow
CloseClipboard
GetWindowRect
ClientToScreen
InvalidateRect
DestroyWindow
WinHelpA
BeginPaint
GetClientRect
EndPaint
EndDialog
GetDlgItemTextA
MessageBoxA
GetDlgItem
SetFocus
SetWindowTextA
SetDlgItemTextA
RedrawWindow
EnumChildWindows
GetClassNameA
SetWindowLongA
GetParent
InflateRect
DrawFocusRect
IsWindowEnabled
GetSysColor
GetWindowTextA
CopyRect
DrawTextExA
SetRect
FillRect
SendMessageA
GetActiveWindow
GetDC
ReleaseDC
LoadStringA
FindWindowA
GetWindowLongA
ShowWindow
SetForegroundWindow
PostQuitMessage
DispatchMessageA
TranslateMessage

gdi32

SelectPalette
RealizePalette
CreateDIBSection
DeleteDC
CreateDCA
GetSystemPaletteEntries
SetSystemPaletteUse
CreatePen
SetTextColor
GetStockObject
SetBkMode
CreateCompatibleBitmap
SetDIBitsToDevice
StretchBlt
BitBlt
SelectObject
CreateCompatibleDC
GetPaletteEntries
GetDeviceCaps
CreatePalette
GetObjectA
Rectangle
CreateSolidBrush
SetPaletteEntries
DeleteObject
ResizePalette
Polyline

advapi32

RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
RegSetValueExA
RegEnumKeyA
RegCreateKeyExA
LookupAccountNameW
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameA
RegOpenKeyA
RegCloseKey
RegQueryValueExA

shell32

DragQueryFileA

ole32

OleGetClipboard
OleUninitialize
RevokeDragDrop
OleRun
CoCreateInstance
OleInitialize
RegisterDragDrop
ReleaseStgMedium

oleaut32

VariantInit
GetErrorInfo
VariantChangeType
SetErrorInfo
SafeArrayCreate
SafeArrayPutElement
VariantClear
SysFreeString
CreateErrorInfo

shlwapi

PathAddBackslashA
PathRemoveBackslashA
PathAppendA
SHDeleteEmptyKeyA
SHDeleteKeyA

msvcp70

?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr70

_purecall
??0exception@@QAE@ABV0@@Z
_stricmp
_mbsnbcpy
_mbslen
strchr
malloc
_callnewh
_splitpath
_snprintf
_vsnprintf
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
_amsg_exit
??0exception@@QAE@XZ
??1exception@@UAE@XZ
sprintf
_except_handler3
_mbsupr
_mbslwr
_mbscspn
memmove
_mbsicmp
_mbsstr
_CxxThrowException
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z
__getmainargs
_initterm
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_controlfp
_strnicmp
_adjust_fdiv

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

728845521dec44b832be8d0b6ab919a7

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp70

msvcr70

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 8KB

.idata Size: 12KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 10KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 8KB

.idata
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 10KB

UPX0
Size: 144KB - Virtual size: 380KB