a6ecbeda859b4b350ba255b1e74db1f949a376b0cba97364ba44e13696411b5d

Sharing

Copy URL

Twitter E-mail

General

Target

a6ecbeda859b4b350ba255b1e74db1f949a376b0cba97364ba44e13696411b5d
Size

340KB
MD5

00b9301df7598dba149f6ac247b32d3a
SHA1

50cfaff169ef83cbaafe9e60383f063504f320b7
SHA256

a6ecbeda859b4b350ba255b1e74db1f949a376b0cba97364ba44e13696411b5d
SHA512

253ebe8ea0b0aaece48c4e432aef9e4a21c6bbc766ef2ec546e97f4b08d762940411e6b35e2435b614942155ba12123d39475710b0e716d4438df0f85ffec36f
SSDEEP

6144:3JRFTYCpsu2v3BGRUyqinBazIVDNPHRCHZS/sC/X8prJvhdujyu:5h8vgUknBasVDN5C5S/szpdueu

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

a6ecbeda859b4b350ba255b1e74db1f949a376b0cba97364ba44e13696411b5d
.exe windows x86

616b1ee5e67b60339eb0c911a4990953

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceA
RaiseException
GetTickCount
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcatA
HeapFree
lstrcpyA
HeapAlloc
GetProcessHeap
GetTimeFormatA
DosDateTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSize
GlobalFree
WriteFileEx
QueueUserAPC
SleepEx
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
SizeofResource
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
UnhandledExceptionFilter
TerminateProcess
TlsAlloc
DeleteCriticalSection
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetModuleFileNameA
ExitProcess
GetStartupInfoA
InterlockedDecrement
ExitThread
TlsGetValue
TlsSetValue
CreateThread
ResumeThread
RtlUnwind
LockResource
GetCurrentProcess
ReadFile
WaitForMultipleObjects
ResetEvent
WriteFile
GetOverlappedResult
GetVersion
GetCommandLineA
GetFullPathNameA
GetComputerNameA
GetCurrentProcessId
InitializeCriticalSection
lstrlenA
FindFirstFileA
SearchPathA
FindClose
GlobalMemoryStatus
LoadLibraryA
FreeLibrary
GetCurrentDirectoryA
GetSystemDirectoryA
DeleteFileA
CreateFileA
QueryPerformanceFrequency
DeviceIoControl
GetCurrentThreadId
WaitForSingleObject
SetLastError
OpenMutexA
CreateMutexA
CreateFileMappingA
MapViewOfFile
CreateEventA
UnmapViewOfFile
GetSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
SetEvent
InterlockedIncrement
CloseHandle
lstrcpynA
GetLastError
FormatMessageA
LocalFree
EnterCriticalSection
TerminateThread
LeaveCriticalSection
GetModuleHandleA
GetProcAddress
GetEnvironmentVariableA
SetFilePointer

user32

CheckMenuItem
GetMenu
MessageBoxA
InsertMenuItemA
GetMenuItemCount
GetSubMenu
SetCursor
InvalidateRect
ChildWindowFromPoint
GetSysColor
GetSysColorBrush
LoadCursorA
GetDlgItem
EndDialog
ShowWindow
SetWindowTextA
SetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard
BeginPaint
EndPaint
PostQuitMessage
CallWindowProcA
GetMenuCheckMarkDimensions
GetDC
GetWindowTextA
LoadIconA
SendMessageA
GetFocus
ClientToScreen
ScreenToClient
GetDialogBaseUnits
DrawFocusRect
GetParent
IsDlgButtonChecked
PostMessageA
CheckRadioButton
RegisterClassExA
FindWindowA
LoadAcceleratorsA
RegisterWindowMessageA
PeekMessageA
MsgWaitForMultipleObjects
TranslateAcceleratorA
IsWindow
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetMessageA
GetWindowThreadProcessId
SetWindowLongA
GetSystemMetrics
EnableWindow
CheckDlgButton
ReleaseDC
CreateWindowExA
UpdateWindow
RegisterClassA
LoadBitmapA
SetTimer
ModifyMenuA
MoveWindow
KillTimer
DefWindowProcA
LoadStringA
SetWindowPos
InvalidateRgn
CreateDialogParamA
GetClientRect
GetCursorPos
DestroyWindow
SetForegroundWindow
TrackPopupMenu
SetDlgItemTextA
SendDlgItemMessageA
AttachThreadInput
AppendMenuA
SetMenuItemBitmaps
DialogBoxParamA
SetFocus
GetDlgItemTextA
SetCapture
ReleaseCapture
EnableMenuItem
DeleteMenu
GetWindowRect
IsIconic
IsZoomed
DrawTextA

gdi32

GetTextExtentPointA
StartDocA
GetDeviceCaps
CreateFontA
StartPage
TextOutA
EndPage
AbortDoc
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
GetObjectA
GetStockObject
DeleteDC
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
GetTextMetricsA
DeleteObject
SetBkColor
ExtTextOutA
GetTextExtentPoint32A
SetAbortProc
EndDoc

ws2_32

closesocket
WSAGetLastError
connect
socket
gethostbyname
htons
htonl
bind
getsockname
listen
accept
WSAStartup
inet_addr
gethostbyaddr

mpr

WNetCancelConnection2A
WNetAddConnection2A

comctl32

ord17
CreateToolbarEx

comdlg32

ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
FindTextA
PrintDlgA
ChooseFontA

advapi32

RegOpenKeyExA
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
QueryServiceStatus
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetMalloc
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA
SHGetSpecialFolderLocation
SHBrowseForFolderA

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

616b1ee5e67b60339eb0c911a4990953

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

mpr

comctl32

comdlg32

advapi32

shell32

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 24KB - Virtual size: 107KB

.rsrc Size: 96KB - Virtual size: 93KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 24KB - Virtual size: 107KB

.rsrc
Size: 96KB - Virtual size: 93KB

.UPX0
Size: 104KB - Virtual size: 252KB