Behavioral task behavioral1
Sample: bc599db4ad1b6d7f03f4c0e651305e1de3e0174ef6af96740b102bf40e224802.exe
Resource: win7-20220812-en
Behavioral task behavioral2
Sample: bc599db4ad1b6d7f03f4c0e651305e1de3e0174ef6af96740b102bf40e224802.exe
Resource: win10v2004-20220812-en
General
- Target: bc599db4ad1b6d7f03f4c0e651305e1de3e0174ef6af96740b102bf40e224802
- Size: 2.7MB
- MD5: 175ba416996ee12581a89b182c74d802
- SHA1: 0731d69016289cb0f29841e21e6b29e68d5b19a7
- SHA256: bc599db4ad1b6d7f03f4c0e651305e1de3e0174ef6af96740b102bf40e224802
- SHA512: 1f45ebe46c7903243e970b50d015b3bc3825a846ee1d99e124df57375a8d0fe826c4e7918c21edc40f540dda3bb36521556ed1b2312ff0c7214010d234bcef8e
- SSDEEP: 49152:uf4YJgo/Z1bKv8sb7cf2KuJSnAccjVCpriCy1x2Ni:Wz/ZYv/bwfd0SnEoiCy1AQ
Malware Config
Signatures
- resource yara_rule sample upx
Files
- bc599db4ad1b6d7f03f4c0e651305e1de3e0174ef6af96740b102bf40e224802.exe windows x86
  83fcc33cba3f4a0cd70cd83412693354
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
recv
shutdown
WSACleanup
select
send
getaddrinfo
WSAGetLastError
socket
ioctlsocket
bind
listen
accept
WSAStartup
closesocket
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
wininet
InternetGetCookieA
InternetSetCookieA
winhttp
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSetOption
WinHttpConnect
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpCloseHandle
kernel32
GetFileAttributesA
SetFileAttributesA
FreeLibrary
GetProcAddress
LocalLock
LocalUnlock
GlobalLock
GlobalUnlock
VirtualAlloc
VirtualFree
GlobalMemoryStatus
SetErrorMode
GetWindowsDirectoryA
GetSystemDirectoryA
SetFilePointer
UnlockFile
DuplicateHandle
LockFile
GetFileTime
LocalFileTimeToFileTime
SetFileTime
DosDateTimeToFileTime
ExpandEnvironmentStringsA
DeviceIoControl
DefineDosDeviceA
GetVolumeInformationA
GetDriveTypeA
CreateMutexA
GetLocalTime
GetComputerNameA
GetLogicalDriveStringsA
GetLogicalDrives
FileTimeToLocalFileTime
GetFileSize
QueryPerformanceCounter
GetCurrentProcessId
FlushConsoleInputBuffer
GetStdHandle
HeapFree
GetProcessHeap
SetLastError
MulDiv
GetThreadLocale
GetVolumeInformationW
GetFullPathNameW
GetModuleHandleW
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
lstrcmpA
GlobalGetAtomNameW
GetModuleHandleA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
TlsFree
GlobalFlags
WritePrivateProfileStringW
HeapAlloc
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetFileType
GetDriveTypeW
HeapReAlloc
VirtualProtect
VirtualQuery
SetEnvironmentVariableW
GetFileInformationByHandle
PeekNamedPipe
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
SetConsoleCtrlHandler
ExitThread
SetStdHandle
ExitProcess
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
FindFirstFileA
GetTempFileNameA
CreateFileA
LoadLibraryW
LoadLibraryA
GetModuleFileNameA
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
LocalAlloc
LocalReAlloc
CompareStringA
GetVersionExA
GetVersion
IsBadStringPtrA
OpenProcess
GetExitCodeProcess
MoveFileExW
ReleaseMutex
SetCurrentDirectoryW
GetSystemDirectoryW
CreateMutexW
GetModuleFileNameW
lstrlenW
GlobalAlloc
GlobalFree
GetCurrentProcess
SetProcessWorkingSetSize
CreateEventW
GetTempPathW
GetTempFileNameW
lstrlenA
SetEvent
GetExitCodeThread
GetFileAttributesW
CopyFileW
GetCurrentDirectoryW
GetLocaleInfoW
GetNumberFormatW
GetLocaleInfoA
GetUserDefaultUILanguage
SuspendThread
FileTimeToSystemTime
InterlockedDecrement
InterlockedIncrement
GetSystemTime
GetCurrentThreadId
TerminateThread
ResumeThread
GetThreadPriority
SetThreadPriority
GetCommandLineW
CreateJobObjectW
CreateIoCompletionPort
SetInformationJobObject
AssignProcessToJobObject
GetQueuedCompletionStatus
OpenSemaphoreW
CreateSemaphoreW
ReleaseSemaphore
WaitForSingleObject
FormatMessageW
InterlockedExchange
FlushFileBuffers
SetEndOfFile
MoveFileW
DeleteFileA
CreateDirectoryW
GetVersionExW
GetSystemInfo
SetFileAttributesW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
OutputDebugStringW
WriteFile
GetFileSizeEx
GetTickCount
LocalFree
GetLastError
SetFilePointerEx
CreateThread
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
Sleep
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileW
ReadFile
InterlockedCompareExchange
ReadConsoleInputA
SetConsoleMode
user32
TranslateAcceleratorW
IsWindowEnabled
ShowWindow
MoveWindow
IsDialogMessageW
SetDlgItemTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UnregisterClassA
GetMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
EqualRect
DeferWindowPos
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetActiveWindow
GetKeyState
ValidateRect
CharUpperW
SetMenu
GetMenuItemID
TabbedTextOutW
CharPrevA
SetWindowTextW
GetClassNameW
MonitorFromWindow
SetWindowsHookExW
UnhookWindowsHookEx
ScreenToClient
CallNextHookEx
GetWindow
GetClassInfoW
LoadIconW
InsertMenuItemW
AppendMenuW
DeleteMenu
CreatePopupMenu
GetWindowLongW
SetWindowLongW
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
MonitorFromRect
SystemParametersInfoW
LoadCursorW
SetCursor
SetLayeredWindowAttributes
FindWindowExW
FindWindowW
GetDesktopWindow
DrawAnimatedRects
LockWindowUpdate
IsWindowVisible
ReleaseDC
GetWindowDC
ClientToScreen
GetWindowRect
SetWindowRgn
IsIconic
GetSystemMenu
LoadMenuW
RemoveMenu
ModifyMenuW
GetSubMenu
EnableMenuItem
DrawFocusRect
OffsetRect
SetRect
SendMessageW
KillTimer
SetTimer
GetCursorPos
TrackPopupMenu
PostMessageW
SetForegroundWindow
IsWindow
IsMenu
UpdateWindow
ReleaseCapture
EnableWindow
SetCapture
GetCapture
InvalidateRect
BringWindowToTop
SetRectEmpty
LoadAcceleratorsW
DestroyMenu
ReuseDDElParam
UnpackDDElParam
GetDC
EndDialog
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
GetClientRect
CopyRect
CopyAcceleratorTableW
IsRectEmpty
UnregisterClassW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
CharNextW
GetMenuItemInfoW
InflateRect
EndPaint
BeginPaint
GrayStringW
DrawTextExW
GetMenuState
DrawTextW
PtInRect
GetMessageW
PostThreadMessageW
GetSystemMetrics
PeekMessageW
DispatchMessageW
TranslateMessage
MessageBoxW
FillRect
CreateDialogIndirectParamW
GetMenuItemCount
GetNextDlgTabItem
GetMonitorInfoW
gdi32
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetStockObject
SetViewportExtEx
RectVisible
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPoint32W
GetBkColor
GetMapMode
GetRgnBox
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
ExtTextOutW
PtVisible
GetPixel
GetWindowExtEx
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateCompatibleBitmap
CombineRgn
CreateEllipticRgn
CreateRectRgn
CreateDIBSection
DeleteObject
GetObjectW
SetDIBColorTable
GetTextColor
GetBkMode
CreateRectRgnIndirect
BitBlt
GetDIBColorTable
SelectObject
DeleteDC
GetViewportExtEx
CreateCompatibleDC
SetMapMode
msimg32
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
SaferCloseLevel
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
GetUserNameA
SaferCreateLevel
SaferComputeTokenFromLevel
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
CryptImportKey
RegCreateKeyExW
RegSetValueExW
IsTextUnicode
RegEnumKeyExA
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
CryptAcquireContextW
CryptDecrypt
shell32
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
SHAppBarMessage
CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
DragFinish
DragQueryFileW
FindExecutableW
comctl32
ord17
shlwapi
SHSetValueW
SHGetValueW
SHDeleteValueW
SHDeleteEmptyKeyW
SHDeleteKeyA
UrlUnescapeW
UrlEscapeW
UrlCreateFromPathW
PathAddExtensionW
PathRemoveExtensionW
UrlCanonicalizeW
PathRemoveFileSpecW
PathFileExistsA
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFileExistsW
PathFindFileNameW
oledlg
OleUIBusyW
ole32
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoInitializeEx
CoGetClassObject
CLSIDFromProgID
CoUninitialize
CLSIDFromString
CoTaskMemAlloc
oleaut32
SysAllocString
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocStringLen
VariantClear
SysAllocStringByteLen
SysStringLen
SysFreeString
gdiplus
GdipFree
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
Sections
- .text Size: 2.0MB - Virtual size: 2.0MB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rdata Size: 492KB - Virtual size: 488KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data Size: 100KB - Virtual size: 216KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 40KB - Virtual size: 36KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .UPX0 Size: 108KB - Virtual size: 260KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE