21d9fb4f70adbf64a435566f6368cb6c27f915b4152c35e493300d19baca961e

Sharing

Copy URL Twitter E-mail

General

Target

21d9fb4f70adbf64a435566f6368cb6c27f915b4152c35e493300d19baca961e
Size

182KB
MD5

0129c1918138da2421abfee066892844
SHA1

d69318a4793c628f6a5da3117635ab40b94c8752
SHA256

21d9fb4f70adbf64a435566f6368cb6c27f915b4152c35e493300d19baca961e
SHA512

7ccbfc3a44679455fe071b65908d8eeb4c49e482aa443343aa47efe333fbbcaa43e273515f338e457ed68799cfc49d6316dd6a12cbf3b2b57f90c8ecfad6272f
SSDEEP

3072:zgu4s4Q/PF7sZXVRGWy3xU0Nad5A/+9MTTcUjwOxu/MNrd2Dd7HwbpcBSz:ErPQ/PF7sZXVRGHk5VMTTqmukNGJHaWm

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

21d9fb4f70adbf64a435566f6368cb6c27f915b4152c35e493300d19baca961e
.exe windows x86

fc84d8bbc723c0a7a57522957d988c46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
__p__fmode
_cexit
_XcptFilter
_exit
_c_exit
_itow
_purecall
__set_app_type
_controlfp
wcsncpy
wcscpy
_except_handler3
wcscat
wcsncat
wcschr
wcsrchr
_snprintf
_wcsicmp
wcslen
_snwprintf
_ltoa
wcscmp
sprintf
strchr
strtoul
strncpy
calloc
??2@YAPAXI@Z
realloc
??3@YAXPAX@Z
free
malloc
exit
_wsplitpath
_vsnwprintf
swprintf
_putws

advapi32

InitializeSecurityDescriptor
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
DeregisterEventSource
LookupAccountSidW
ChangeServiceConfigW
SetServiceStatus
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
CryptGenRandom
RegSetKeySecurity
GetSecurityDescriptorLength
MakeSelfRelativeSD
ReportEventW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
CloseServiceHandle
GetFileSecurityW
SetFileSecurityW
CryptAcquireContextW
CryptReleaseContext
RegNotifyChangeKeyValue
AllocateAndInitializeSid
FreeSid
RegDeleteValueW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
RegEnumKeyExW
LookupPrivilegeValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
CopySid
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
OpenProcessToken
LookupAccountNameW
AddAce
GetAce
GetAclInformation
InitializeAcl
AddAccessAllowedAce
EqualSid
AdjustTokenPrivileges

kernel32

InterlockedCompareExchange
ResetEvent
WaitForMultipleObjects
SetErrorMode
InterlockedDecrement
GetSystemDirectoryW
GetACP
SetFilePointer
GetLocalTime
GetCommandLineW
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetComputerNameW
ExpandEnvironmentStringsW
GetConsoleCP
LocalAlloc
FormatMessageW
LocalFree
CreateMutexW
CreateNamedPipeW
VirtualFree
OpenProcess
SetLastError
GetVersionExW
VirtualAlloc
lstrlenW
lstrcpyW
GetLastError
InterlockedIncrement
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
CloseHandle
GetCurrentProcess
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
lstrcpynW
GetModuleFileNameW
lstrcatW
FreeLibrary
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetFileSize
CreateFileW
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
CreateEventW
InterlockedExchange
ReleaseMutex
PostQueuedCompletionStatus
DuplicateHandle
GetOEMCP
SetHandleInformation
CreateIoCompletionPort
CreateProcessW
ReadFile
WriteFile
PeekNamedPipe
GetSystemTime
SetEvent
TerminateThread
GetQueuedCompletionStatus
CreateThread

user32

LoadStringW
CloseWindowStation
CloseDesktop
SetUserObjectSecurity
GetProcessWindowStation
wsprintfA
LoadStringA
MessageBoxW
CharNextW
wsprintfW

ntlsapi

NtLicenseRequestA
NtLSFreeHandle

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoInitializeEx
CoInitialize
CoUninitialize
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
SetErrorInfo
VarI4FromStr
LoadTypeLi
VarBstrFromDate
VarDateFromUdate
UnRegisterTypeLi
SysStringByteLen
RegisterTypeLi
SysFreeString
SysStringLen
SysAllocStringLen

netapi32

NetApiBufferFree
NetGetJoinInformation
NetLocalGroupAdd
NetServerGetInfo

ws2_32

gethostbyaddr
WSAEnumNetworkEvents
accept
WSASetEvent
WSACloseEvent
WSACleanup
shutdown
WSAResetEvent
WSADuplicateSocketW
getpeername
WSAStartup
WSACreateEvent
socket
setsockopt
bind
listen
WSAEventSelect
closesocket
WSASetLastError
getservbyport
ntohs
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr

psapi

EnumProcesses

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fc84d8bbc723c0a7a57522957d988c46

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ntlsapi

ole32

oleaut32

netapi32

ws2_32

psapi

Sections

.text Size: 54KB - Virtual size: 53KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 18KB - Virtual size: 18KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 54KB - Virtual size: 53KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 18KB - Virtual size: 18KB

.UPX0
Size: 108KB - Virtual size: 260KB