30660994246b21c88a43359815f1d9ea972228ed56660b5e6f3215cab62fb926

Sharing

Copy URL

Twitter E-mail

General

Target

30660994246b21c88a43359815f1d9ea972228ed56660b5e6f3215cab62fb926
Size

1.2MB
MD5

ec4802baf64a05b4e6ced21032037ac0
SHA1

79919bd7a6cc52429f994da3154aa313c972caa0
SHA256

30660994246b21c88a43359815f1d9ea972228ed56660b5e6f3215cab62fb926
SHA512

447ad1f7bf577a81bc8cad948461746a8e14e62973ce82e226c66e9a4fc7dafc750e1ada4332ee822de0ca61f5410de19464ec88c340e1af4419ae86e2d59e52
SSDEEP

24576:Y4lghckpHVaDXCPKGIFwDjPrZ3Q8z/B2ns4uyzC58yIe4HQg1K8:YiwpHVazCPKfKDVzB2ns4qChQgL

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/սʬͻV1108/NZSGFZ V1031/սʬͻ2.exe	upx

Files

30660994246b21c88a43359815f1d9ea972228ed56660b5e6f3215cab62fb926
.zip
սʬͻV1108/NZSGFZ V1031/fsMon.dll
.dll windows x86

c7498903be32840f44ec2bdfdcf13b5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
DuplicateHandle
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
GetFileAttributesA
GetFileSize
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
WritePrivateProfileStringA
GlobalFlags
GetVersion
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
SetLastError
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
LocalAlloc
FreeLibrary
lstrcpyA
lstrcpynA
EnterCriticalSection
GetLastError
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetSystemInfo
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
ExitProcess
UnmapViewOfFile
TerminateThread
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
VirtualProtect
IsBadWritePtr
IsBadReadPtr
GetComputerNameA
GetVersionExA
CreateThread
WinExec
DeleteFileA
WaitForSingleObject
Sleep
OpenProcess
TerminateProcess
Process32First
Process32Next
CreateToolhelp32Snapshot
Module32First
ReadFile
CreateFileA
VirtualAlloc
SetFilePointer
WriteFile
VirtualFree
FindFirstFileA
FindNextFileA
FindClose
GetLogicalDriveStringsA
GetCurrentProcess
CloseHandle
GetModuleHandleA
GetProcAddress
HeapReAlloc

user32

GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
CharUpperA
DestroyMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetForegroundWindow
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
CallNextHookEx
SetForegroundWindow
RegisterWindowMessageA
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowsHookExA
FindWindowA
MessageBoxA
MessageBeep
wsprintfA
SetCursorPos
mouse_event
MapVirtualKeyA
keybd_event
GetSystemMetrics
CheckMenuItem

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
SetBkColor
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
GetStockObject
RestoreDC
SaveDC
CreateBitmap
CreateDCA
CreateCompatibleDC
DeleteDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetDIBits
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
GetUserNameA

shell32

ShellExecuteA

comctl32

ord17

wininet

InternetGetLastResponseInfoA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable

ws2_32

recv
gethostname
inet_ntoa
gethostbyname
inet_addr
socket
WSAStartup
send
WSACleanup
closesocket
WSAGetLastError
connect
htons

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 576KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
սʬͻV1108/NZSGFZ V1031/ֽ̳.txt
սʬͻV1108/NZSGFZ V1031/սʬͻ2.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 7.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 754KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
սʬͻV1108/˵.htm
.html .js
˵.htm
.html .js

Sharing

General

Malware Config

Signatures

Files

c7498903be32840f44ec2bdfdcf13b5d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

wininet

ws2_32

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 32KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: - Virtual size: 16KB

.sedata Size: 576KB - Virtual size: 576KB

.reloc Size: 12KB - Virtual size: 12KB

.rmnet Size: 60KB - Virtual size: 60KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 7.9MB

UPX1 Size: 754KB - Virtual size: 756KB

.rsrc Size: 14KB - Virtual size: 16KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: - Virtual size: 16KB

.sedata
Size: 576KB - Virtual size: 576KB

.reloc
Size: 12KB - Virtual size: 12KB

.rmnet
Size: 60KB - Virtual size: 60KB

UPX0
Size: - Virtual size: 7.9MB

UPX1
Size: 754KB - Virtual size: 756KB

.rsrc
Size: 14KB - Virtual size: 16KB