c2134b05059b58898cb611fd20da3619ddb301434b29337e9c657ccf8f708c4b

Sharing

Copy URL Twitter E-mail

General

Target

c2134b05059b58898cb611fd20da3619ddb301434b29337e9c657ccf8f708c4b
Size

388KB
MD5

01db60f4b95a003e7d98ca0153647ad9
SHA1

4d79113a3700a6fc391a5bc91c3152b3e888f79f
SHA256

c2134b05059b58898cb611fd20da3619ddb301434b29337e9c657ccf8f708c4b
SHA512

f494c9a92a03e8c1a5cabb47fc5565b290c171957d7a97f061b4f9d2044b6e50c38494818e32da4cecae2bdfa5e55f481c27d291ec4e374141e69073668a8a2f
SSDEEP

6144:UQ7FifnVOVF4G7AWF8wtKDMtwkBYK5Tz77uCYXilJbg5O5/9W:37FJAxMbYK5/7+XST5l

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

c2134b05059b58898cb611fd20da3619ddb301434b29337e9c657ccf8f708c4b
.exe windows x86

d3e2710c22c00ba0540a02adb1d7f41e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

common

?GetBuffer@CTXStringW@@QAEPA_WH@Z
?TrimLeft@CTXStringW@@QAEAAV1@XZ
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?Find@CTXStringW@@QBEHPB_WH@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
?Find@CTXStringW@@QBEH_WH@Z
?Left@CTXStringW@@QBE?AV1@H@Z
?GetMemoryUsage@Sys@Util@@YAXAAK0@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
?IsEmpty@CTXStringW@@QBE_NXZ
?GetLength@CTXStringW@@QBEHXZ
??0CTXBSTR@@QAE@XZ
??ICTXBSTR@@QAEPAPA_WXZ
??8@YA_NABVCTXStringW@@PB_W@Z
?SetIdleCallback@TXTimer@@YAHPAUITXIdleCallback@@I@Z
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?MinimzeMemory@Sys@Util@@YAXXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformModeConfig@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?AddFmtString@TXStringBundle@@YAXABVCFmtString@@@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6G?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAUtagBugReportInfo@1@PBD20PAX@Z@Z
?GetSession@TXLog@@YAKXZ
?GetLCID@NLS@@YAKXZ
?ValidateBugReport@TXBugReport@@YAXXZ
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?InitNetwork@Network@Util@@YAHXZ
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
??0CTXStringW@@QAE@ABV0@@Z
?AddIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
ord37
??0CTXStringW@@QAE@PA_W@Z
??1CTXStringW@@QAE@XZ
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
??BCTXStringW@@QBEPB_WXZ
??0CTXStringW@@QAE@XZ
?DelIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?NotifyIdle@Window@Util@@YAJXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
??YCTXStringW@@QAEAAV0@PB_W@Z
?CheckVistaAndStartSelfMediumLevel@Sys@Util@@YAHXZ
?NotifyIdle@TXTimer@@YAXXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
?Format@CTXStringW@@QAAXPB_WZZ
?OnUninitCom@Misc@Util@@YAXXZ
??BCTXBSTR@@QBEPA_WXZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
??0CTXStringW@@QAE@PB_W@Z
??0CTXBSTR@@QAE@PB_W@Z
??1CTXBSTR@@QAE@XZ
?Append@CTXStringW@@QAEXPB_W@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z

kernelutil

?GetBuildVer@Version@@YAKXZ
?GetProgramBinDir@Sys@Util@@YA?AVCTXStringW@@V3@@Z
?GetVersionExW@Version@@YAXAAUtagVersionInfo@1@@Z
?GetUserDataSaveSetting@Sys@Util@@YA?AVCTXStringW@@AAKAAV3@@Z
?GetMajorVer@Version@@YAEXZ
?GetMinorVer@Version@@YAEXZ
?GetProgramRootDir@Sys@Util@@YA?AVCTXStringW@@XZ
?GetGlobalSysDir@Sys@Util@@YA?AVCTXStringW@@XZ
?Init@Version@@YAHXZ

gf

?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z

kernel32

GetModuleFileNameW
GetCurrentProcessId
GetSystemInfo
InitializeCriticalSection
CreateEventW
QueryPerformanceFrequency
SetThreadPriority
GlobalMemoryStatus
GetCurrentThread
CreateThread
GetDriveTypeW
ReadFile
CreateMutexW
GetTickCount
LoadLibraryW
Sleep
GetProcAddress
FreeLibrary
CreateProcessW
GetCurrentThreadId
WaitForSingleObject
GetProcessTimes
GetCurrentProcess
GetSystemTimeAsFileTime
CreateMutexA
OpenMutexA
ReleaseMutex
MultiByteToWideChar
lstrlenA
GetPrivateProfileStructA
WritePrivateProfileStructA
GetPrivateProfileStringA
GetLastError
CopyFileA
DeleteFileA
GetVersionExW
GetVersion
GetVersionExA
TerminateThread
LoadLibraryA
lstrcmpA
CreateDirectoryA
GetModuleFileNameA
FindClose
FindFirstFileA
GetSystemDirectoryA
GetTempPathA
CreateFileA
WriteFile
GetSystemTime
CreateProcessA
GetShortPathNameA
GetPrivateProfileIntA
GetFileSize
SetEnvironmentVariableW
GetEnvironmentVariableW
SetEvent
CreateFileW
InterlockedIncrement
OpenEventW
InterlockedDecrement
QueryPerformanceCounter
DeleteCriticalSection
lstrlenW
lstrcpynA
CloseHandle
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
OpenMutexW
GetModuleHandleW

user32

MessageBoxW
DispatchMessageW
WaitMessage
PostThreadMessageW
PeekMessageW
TranslateMessage

advapi32

OpenProcessToken
GetTokenInformation
EqualSid
FreeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
AllocateAndInitializeSid
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
StartServiceA
CreateServiceA
OpenSCManagerA

shell32

SHGetSpecialFolderPathA

ole32

OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize

atl80

ord64
ord30
ord32

shlwapi

PathIsDirectoryA
PathRemoveBackslashA
PathRemoveFileSpecA
PathFileExistsA
PathAppendA

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

_configthreadlocale
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
__p__fmode
__set_app_type
_time32
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
_initterm_e
memset
??3@YAXPAX@Z
_time64
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
??1exception@std@@UAE@XZ
__argc
__wargv
rand
_CxxThrowException
atoi
_mbsnbcpy
__CxxFrameHandler
_snprintf
srand
_tempnam
memcpy
strcmp
strlen
_mbschr
_mbsrchr
memcmp
_mbsicmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d3e2710c22c00ba0540a02adb1d7f41e

Headers

File Characteristics

Imports

comctl32

common

kernelutil

gf

kernel32

user32

advapi32

shell32

ole32

atl80

shlwapi

msvcp80

msvcr80

version

wininet

urlmon

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 68KB - Virtual size: 65KB

.UPX Size: 240KB - Virtual size: 240KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 68KB - Virtual size: 65KB

.UPX
Size: 240KB - Virtual size: 240KB