5f98590c4bf772c32ae47463bb3c8ef89f35b94db3a4560fcc5399959ab7ebbe

Sharing

Copy URL Twitter E-mail

General

Target

5f98590c4bf772c32ae47463bb3c8ef89f35b94db3a4560fcc5399959ab7ebbe
Size

454KB
MD5

21466d70cf994d7f5e98cd68bb41bba0
SHA1

7bed2b7407fb56f9bd87062b6d0865a4244dac19
SHA256

5f98590c4bf772c32ae47463bb3c8ef89f35b94db3a4560fcc5399959ab7ebbe
SHA512

bd7be4600889dc4f1c9cb195de70881d30976f11cdd1ae2bef56868da994ad47a05397017dd64bf1e93b551a0e7757578e29de4490b5636201900e6be585c4a6
SSDEEP

12288:xqK/w8z/PtLDsTqK6iP4BJTM6++OBlYER:wK/wY4TqKPP4bje7YE

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

5f98590c4bf772c32ae47463bb3c8ef89f35b94db3a4560fcc5399959ab7ebbe
.exe windows x86

00fe7c14f2917445e2f4a192b35e12ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
InterlockedCompareExchange
OpenProcess
GetCurrentThread
LocalFree
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResumeThread
VirtualQuery
DeviceIoControl
VirtualAlloc
GetCurrentThreadId
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
SetFilePointer
LoadLibraryA
WaitForMultipleObjects
CreateEventW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
GetVersionExW
GetCurrentProcessId
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
SetUnhandledExceptionFilter
GetCommandLineW
CreateFileW
GetFileSize
ReadFile
WriteFile
WritePrivateProfileSectionW
MoveFileW
GetModuleFileNameW
DeleteFileW
GetPrivateProfileStringW
FindFirstFileW
WritePrivateProfileStringW
CopyFileW
FindNextFileW
FindClose
SetCurrentDirectoryW
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
OpenEventW
SetEvent
CloseHandle
GetLastError
lstrlenW
InterlockedDecrement
VirtualProtect
ExitProcess
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
HeapSize
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
RaiseException
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
MultiByteToWideChar
GetSystemTime
CreateMutexW
TlsGetValue
HeapAlloc
HeapFree
WaitForSingleObject
GetProcessHeap
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapReAlloc
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW

user32

CharUpperW
wvsprintfW
LoadStringW
CharNextW

advapi32

RegSetValueW
RegQueryValueW
RegQueryValueA
RegOpenKeyW
RegOpenKeyA
RegCreateKeyW
RegCreateKeyA
RegFlushKey
RegSetValueExW
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
DeleteService
RegSetValueA

shell32

CommandLineToArgvW

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CoUninitialize

shlwapi

StrRChrW
StrStrIW
StrCmpIW
PathRemoveFileSpecW
PathAppendW
PathCombineW
PathFileExistsW
PathAddBackslashW
SHDeleteKeyW
SHGetValueW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW

setupapi

SetupCopyOEMInfW

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

00fe7c14f2917445e2f4a192b35e12ec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

psapi

setupapi

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 11KB - Virtual size: 25KB

.rsrc Size: 21KB - Virtual size: 20KB

.UPX Size: 257KB - Virtual size: 260KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 11KB - Virtual size: 25KB

.rsrc
Size: 21KB - Virtual size: 20KB

.UPX
Size: 257KB - Virtual size: 260KB