fbafce688432355a864a7b8aa746a47de96d14296c33f967d5f71da6ef3d46ea

Sharing

Copy URL Twitter E-mail

General

Target

fbafce688432355a864a7b8aa746a47de96d14296c33f967d5f71da6ef3d46ea
Size

352KB
MD5

61c6f2558c3377038b73c76bc7b70349
SHA1

ad2939f28160dad62b86a1554676002978941155
SHA256

fbafce688432355a864a7b8aa746a47de96d14296c33f967d5f71da6ef3d46ea
SHA512

37e027613614811d6222a9ae67d177ef5f483d8c3f52e131dd14060dc9b1dd039f8f7f9eb57209275cef078e3c3ffd7e74672865ef310b7b5570f8fddf315d59
SSDEEP

6144:f6en+BhDC3PecfmNkJqs8OaZjIz7QxIV8FJcFyZ:yZhDt6qdIz7Q4Ee

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

fbafce688432355a864a7b8aa746a47de96d14296c33f967d5f71da6ef3d46ea
.exe windows x86

8e26fedcadea19ec1d32c854fdce7d72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionW
PathFileExistsW

hpqtap08

_TAPASPreLinkTestLink@8
TAPASLink

mfc80u

ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4226
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord1536
ord2077
ord280
ord3990
ord1476
ord6301
ord2648
ord3103
ord2651
ord2011
ord3630
ord2155
ord6738
ord2741
ord5795
ord630
ord2460
ord899
ord896
ord4026
ord385
ord3194
ord4256
ord4713
ord5199
ord4238
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord2012
ord4884
ord4728
ord4205
ord5178
ord4904
ord4459
ord4619
ord4578
ord4458
ord4488
ord3603
ord3596
ord3422
ord590
ord1139
ord4475
ord3629
ord777
ord776
ord2311
ord1086
ord1123
ord2132
ord331
ord1069
ord629
ord3383
ord384
ord476
ord701
ord266
ord6086
ord1060
ord3435
ord3635
ord3306
ord1579
ord1637
ord354
ord4729
ord4206
ord1866
ord5965
ord1784
ord1785
ord3176
ord4347
ord2159
ord3460
ord635
ord4259
ord4271
ord1297
ord2164
ord5201
ord5144
ord3939
ord1548
ord4013
ord2418
ord2419
ord2986
ord5352
ord4898
ord2933
ord4129
ord4303
ord5006
ord5003
ord2609
ord1904
ord2237
ord2424
ord1118
ord395
ord6063
ord4293
ord5161
ord1156
ord6300
ord3752
ord3395
ord2713
ord4946
ord4244
ord1386
ord6061
ord6059
ord940
ord3102
ord4439
ord1021
ord3642
ord6232
ord1864
ord1883
ord287
ord3204
ord1925
ord3155
ord1270
ord5633
ord3331
ord760
ord1271
ord709
ord602
ord347
ord501
ord3678
ord578
ord2462
ord300
ord6201
ord747
ord559
ord3168
ord741
ord715
ord1970
ord3311
ord4234
ord1582
ord2086
ord3286
ord1572
ord1634
ord1281
ord2369
ord4109
ord548
ord6111
ord5398
ord6302
ord3104
ord757
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2386
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord3677
ord4461
ord4463
ord3586
ord566
ord5379
ord3249
ord1172
ord5316
ord1176
ord265
ord6282
ord2239
ord1064
ord1117
ord5221
ord593
ord6248
ord5113
ord334
ord956
ord547
ord5971
ord1110
ord1121
ord2340
ord1571
ord5327
ord261
ord6293
ord3444
ord3639
ord368
ord4258
ord4476
ord6039
ord5930
ord2762
ord3034
ord4216
ord1913
ord4733
ord4846
ord4251
ord5491
ord2736
ord5408
ord1370
ord5588
ord5152
ord2042
ord2007
ord6234
ord2615
ord2608
ord4560
ord1198
ord4699
ord3037
ord5901
ord3163
ord2936
ord3471
ord648
ord410
ord4267
ord2711
ord1553
ord1351
ord3338
ord5202
ord5147
ord5910
ord6763
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4770
ord4172
ord4165
ord4974
ord4775
ord4198
ord4784
ord4437
ord4438
ord3734
ord4908
ord4513
ord4514
ord4914
ord4553
ord5043
ord4433
ord4362
ord4495
ord4840
ord4964
ord4523
ord4474
ord4965
ord4510
ord4667
ord4942
ord4788
ord4281
ord4957
ord4790
ord4704
ord4799
ord5047
ord4958
ord4643
ord4940
ord4501
ord4955
ord4668
ord4125
ord1293
ord1999
ord4126
ord5162
ord4371
ord4194
ord4370
ord1220
ord3756
ord2809
ord2413
ord2414
ord2415
ord2412
ord2411
ord3051
ord4123
ord4581
ord5829
ord4358
ord3082
ord3644
ord3614
ord686
ord1604
ord1603
ord1941
ord2049
ord3903
ord5943
ord3900
ord3108
ord5940
ord5567
ord3393
ord2712
ord4108
ord4111
ord6062
ord3754
ord2647
ord5798
ord4118
ord6060
ord6085
ord3982
ord2154
ord5827
ord5828
ord2137
ord1303
ord1311
ord5311
ord6715
ord1718
ord6716
ord6751
ord2365
ord2241
ord314
ord2244
ord2243
ord454
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord2985
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4255
ord3158
ord572
ord1894
ord2366
ord4119
ord762
ord6700
ord282
ord1479
ord736
ord605
ord293
ord3050
ord4574
ord6115
ord587
ord870
ord283
ord3927
ord2895
ord5558
ord774
ord577
ord1079
ord1178
ord1182
ord764
ord2925
ord616

msvcr80

_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcscpy
_wcsdup
__argc
__wargv
_wsplitpath
fabs
_initterm_e
memcmp
memcpy
memset
swprintf_s
_recalloc
calloc
free
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
wcslen
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
_crt_debugger_hook
memcpy_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??0exception@std@@QAE@ABQBD@Z
wcschr
_vsnprintf
__CxxFrameHandler3

kernel32

lstrcatA
OpenFile
_llseek
lstrlenA
_lwrite
_lclose
SetLastError
CloseHandle
LocalAlloc
FormatMessageW
InterlockedDecrement
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetTickCount
GetVersionExA
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
FreeLibrary
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
GetThreadLocale
GetLastError
SetEvent
ResumeThread
DuplicateHandle
GetCurrentProcess
CreateEventW
GetPrivateProfileStringW
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameW
lstrcmpiW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
lstrlenW
InterlockedIncrement
GetLocaleInfoA
WaitForSingleObject
GetACP
LocalFree
LeaveCriticalSection
GetTempPathW
GetTempFileNameW

user32

GetMenu
EqualRect
GetClientRect
GetKeyState
GetWindowRect
MsgWaitForMultipleObjects
IsWindowUnicode
GetParent
EnableWindow
SendMessageW
MapWindowPoints
IsWindow
PostMessageW
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
LoadImageW
LoadCursorW
UpdateWindow
AdjustWindowRectEx
GetWindowThreadProcessId
AttachThreadInput
LoadIconW
GetForegroundWindow
SetForegroundWindow
IsZoomed
SystemParametersInfoW
IntersectRect
SystemParametersInfoA
IsIconic
GetSystemMetrics
KillTimer
SetTimer
IsWindowVisible
SetRectEmpty
SetRect
CopyRect
PeekMessageW
IsRectEmpty

gdi32

CreateCompatibleDC
GetObjectW
BitBlt

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

ole32

CoGetClassObject
CoTaskMemFree
CoCreateInstance
OleRun
CoTaskMemAlloc

oleaut32

SysAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrCat
SysFreeString
SysStringLen
GetErrorInfo
VariantInit
VariantChangeType

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?length@?$char_traits@D@std@@SAIPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8e26fedcadea19ec1d32c854fdce7d72

Headers

File Characteristics

Imports

shlwapi

hpqtap08

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp80

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 56KB - Virtual size: 55KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 56KB - Virtual size: 55KB

.UPX0
Size: 108KB - Virtual size: 260KB