6bff1f51efdd6209ff4710198bc5e02d814a4479ffa9bbf4da7e8afb5edbc7ca

Sharing

Copy URL

Twitter E-mail

General

Target

6bff1f51efdd6209ff4710198bc5e02d814a4479ffa9bbf4da7e8afb5edbc7ca
Size

442KB
MD5

05c7877d1d470f83459d546a7973eb00
SHA1

e239686a1e301a5f77ab4e9d5b85c0577749f3b2
SHA256

6bff1f51efdd6209ff4710198bc5e02d814a4479ffa9bbf4da7e8afb5edbc7ca
SHA512

e085ce67817ab42ab6f8686c9aa2c698841a5a6ac46bb5d6827757c801f1a5d41f903d75167ee27a1da34b2743e82436e57cadb9442939d92a5c5a2dbf91c4a2
SSDEEP

6144:QH7A/McmLRsP5NbJJddgNjQ2feyEtPwPgYdADFq/Qjbg7M3zikMDjE:QbA+tsP5NtdS3DdADFqeJ3Wc

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

6bff1f51efdd6209ff4710198bc5e02d814a4479ffa9bbf4da7e8afb5edbc7ca
.exe windows x86

68d63766490924f28568820d801bae74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
EqualSid
ConvertStringSidToSidW
ConvertSidToStringSidW
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegOpenKeyExW

kernel32

GetEnvironmentVariableW
CloseHandle
GetCurrentProcess
SetEvent
GetCommandLineW
WaitForSingleObject
lstrcmpA
ExpandEnvironmentStringsW
CopyFileW
CreateProcessW
CreateThread
SetErrorMode
CompareStringW
LockResource
TlsGetValue
TlsSetValue
GlobalLock
GlobalUnlock
LoadResource
FindResourceExW
GetCurrentProcessId
OpenEventW
CreateEventW
SetUnhandledExceptionFilter
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
LocalFree
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
WideCharToMultiByte
GetProcAddress
LoadLibraryW
FreeLibrary
CreateFileW
GetTempFileNameW
GetTempPathW
ReadFile
SetFilePointer
GetFileSize
WriteFile
DeleteFileW
lstrlenW
lstrcmpW
lstrcmpiW
GetVersionExW
GetSystemDirectoryW
RaiseException
lstrlenA
MultiByteToWideChar
GetLastError
SetLastError
FindResourceW
GetTimeFormatA
GetDateFormatA
GetThreadLocale

user32

WinHelpW
SetRectEmpty
SystemParametersInfoW
OffsetRect
OpenClipboard
IsClipboardFormatAvailable
SetForegroundWindow
GetMessageW
GetActiveWindow
TranslateAcceleratorW
PostMessageW
MessageBoxW
PostQuitMessage
GetWindowRect
IsWindow
DestroyWindow
SetProcessDPIAware
IsWindowUnicode
SendMessageA
SendMessageW
PostMessageA
PeekMessageA
PeekMessageW
TranslateMessage
DispatchMessageA
DispatchMessageW
CallWindowProcW
DefWindowProcA
DefWindowProcW
IsDialogMessageA
IsDialogMessageW
SetWindowLongA
SetWindowLongW
GetWindowLongA
GetWindowLongW
DialogBoxIndirectParamW
CreateDialogIndirectParamW
FillRect
RegisterClassExW
CreateWindowExW
SetWindowTextW
LoadAcceleratorsW
ReleaseDC
GetDC
SetFocus
InvalidateRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetClientRect
DestroyMenu
LoadCursorW
LoadImageW
GetSystemMetrics
SetActiveWindow
ShowWindow
SetWindowPos
GetFocus
DestroyIcon
TrackPopupMenuEx
GetParent
DeleteMenu
EnableMenuItem
GetCursorPos
GetSubMenu
EnableWindow
GetDlgItem
UnhookWindowsHookEx
CallNextHookEx
GetKeyState
SetWindowsHookExW
MapWindowPoints
GetDlgCtrlID
EndPaint
GetSysColorBrush
BeginPaint
GetWindowTextW
ScreenToClient
GetWindow
KillTimer
CheckDlgButton
IsDlgButtonChecked
SetDlgItemTextW
SetTimer
AdjustWindowRectEx
SetDlgItemInt
EndDialog
GetWindowTextLengthW
DrawFocusRect
CopyRect
GetSysColor
GetClassNameW
DrawTextExW
LoadMenuIndirectW
CloseClipboard
GetClipboardData

msvcrt

??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
memmove_s
memcpy_s
_purecall
_wcsdup
wcsrchr
fwrite
_wfopen
fclose
fputs
fgetws
fseek
ftell
fflush
fwprintf
fread
fopen
fprintf
feof
strtok
strstr
fgets
_mbsstr
atoi
_strnicmp
wcstol
_mbbtombc
_mbbtype
_mbctohira
_vsnwprintf
_CxxThrowException
__CxxFrameHandler3
_wcsicmp
wcstok
memset
memcpy
??0exception@@QAE@XZ
free
_callnewh
malloc
_cexit
_exit
_XcptFilter
_controlfp
_except_handler4_common
?terminate@@YAXXZ
exit
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
__wgetmainargs

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2

rpcrt4

RpcMgmtStopServerListening
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerListen
NdrServerCall2

gdi32

EnumFontFamiliesExW
DeleteObject
GetObjectW
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetDeviceCaps
SetBkColor
SetTextColor
GetTextExtentPoint32W
GetTextExtentPointW
GetLayout
GetStockObject
ExtTextOutW

imm32

ImmReleaseContext
ImmGetConversionStatus
ImmSetOpenStatus
ImmGetContext
ImmSetConversionStatus

comctl32

ImageList_Destroy
CreateStatusWindowW
PropertySheetW
ord17
ImageList_Create
ImageList_ReplaceIcon

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

ShellExecuteW

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

68d63766490924f28568820d801bae74

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

rpcrt4

gdi32

imm32

comctl32

comdlg32

shell32

Sections

.text Size: 164KB - Virtual size: 164KB

.data Size: 15KB - Virtual size: 34KB

.rsrc Size: 145KB - Virtual size: 144KB

.reloc Size: 12KB - Virtual size: 11KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 164KB - Virtual size: 164KB

.data
Size: 15KB - Virtual size: 34KB

.rsrc
Size: 145KB - Virtual size: 144KB

.reloc
Size: 12KB - Virtual size: 11KB

.UPX0
Size: 104KB - Virtual size: 252KB