902f99c25ddbde4b182a35d0bc5a47409f408ed2cdf6e04a475aeb2bb3d2e409

Sharing

Copy URL Twitter E-mail

General

Target

902f99c25ddbde4b182a35d0bc5a47409f408ed2cdf6e04a475aeb2bb3d2e409
Size

644KB
MD5

30555eecf5066a35877ea4160830f440
SHA1

79fd2fb4525f793bb934238e48b7ffcac97a2f7c
SHA256

902f99c25ddbde4b182a35d0bc5a47409f408ed2cdf6e04a475aeb2bb3d2e409
SHA512

90799cc503566485df0e3d5e8543ecf4655c60731fe4c2e47f9c8c8f2316b23daba4022b9eff8530590d80381b5cbf98e828de3b8cb8b69178819b645a08797c
SSDEEP

6144:h15LYPmBUyhP2qV4mgg7zKWSuSAq72VbQBTxUDfrqdi+LqLcSyt4JcZClnsNBR:h15M+ymL7zXtq72VJDfm4+LA3BUCln2

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

902f99c25ddbde4b182a35d0bc5a47409f408ed2cdf6e04a475aeb2bb3d2e409
.exe windows x86

0d062f7f57b6cdfa3e08946ba5a74f78

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetFullPathNameA
SetErrorMode
GetTickCount
GetFileTime
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
SetFilePointer
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetThreadLocale
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
WritePrivateProfileStringA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
GetCurrentProcessId
GetModuleFileNameA
InterlockedDecrement
GetModuleFileNameW
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
lstrcpynA
GetVersion
CompareStringA
InterlockedExchange
MultiByteToWideChar
CompareStringW
lstrlenA
RemoveDirectoryA
GetCurrentProcess
CreateDirectoryA
GetPrivateProfileStringA
CreateMutexA
GetCurrentDirectoryA
FreeLibrary
lstrcpyA
GetDiskFreeSpaceExA
GetVolumeInformationA
DeviceIoControl
WriteFile
GetOverlappedResult
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
DeleteFileA
SetCurrentDirectoryA
CopyFileA
GetFileAttributesA
CloseHandle
lstrcatA
lstrcmpA
ReadFile
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
SetLastError
GetFileSize
CreateFileA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte

user32

RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
SetCursor
GetMessageA
TranslateMessage
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
CheckMenuItem
GetMenuState
DestroyMenu
GetWindowThreadProcessId
WindowFromPoint
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
GetClassLongA
GetClassNameA
SetPropA
MessageBeep
RemovePropA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
GetCursorPos
SetForegroundWindow
CreatePopupMenu
AppendMenuA
EnableMenuItem
CallNextHookEx
PtInRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindowTextLengthA
GetWindowTextA
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
GetWindow
IsRectEmpty
CopyAcceleratorTableA
CharNextA
UnregisterClassA
GetPropA
LoadCursorA
SendMessageA
EnableWindow
SetFocus
GetFocus
GetDlgCtrlID
MessageBoxA
LoadIconA
GetSystemMenu
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
ExitWindowsEx
CharUpperA
ScreenToClient
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
CopyRect
GetDC
ReleaseDC

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
ScaleWindowExtEx
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateFontA
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
RegQueryValueExA
RegOpenKeyA
RegCloseKey
InitiateSystemShutdownA
AdjustTokenPrivileges
LookupPrivilegeValueA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
CLSIDFromString

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0d062f7f57b6cdfa3e08946ba5a74f78

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 264KB - Virtual size: 260KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 12KB - Virtual size: 39KB

.rsrc Size: 240KB - Virtual size: 239KB

.UPX Size: 60KB - Virtual size: 60KB

.text
Size: 264KB - Virtual size: 260KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 39KB

.rsrc
Size: 240KB - Virtual size: 239KB

.UPX
Size: 60KB - Virtual size: 60KB