cf0c0f77788b79ad274287b5b34e6f7d6d6681e6cd71a7d87c42c6e6fb8977c8

Sharing

Copy URL Twitter E-mail

General

Target

cf0c0f77788b79ad274287b5b34e6f7d6d6681e6cd71a7d87c42c6e6fb8977c8
Size

259KB
MD5

c9fb924e38f87d3428225bd84fbfaaa2
SHA1

183f9d3cd016304a2cc89571f2b18a507ec79de8
SHA256

cf0c0f77788b79ad274287b5b34e6f7d6d6681e6cd71a7d87c42c6e6fb8977c8
SHA512

c78fa2f19813ad882b8d62b0964336a72c1419129d003ad96a982e647f6ea9a9fe2055f0fb208601c0c3aa2d39d918971c3bcc9cc7884a4e67c6f489dd47b794
SSDEEP

6144:ISAqWATnZSdjM6SoqizS0vzyCpMJE1d5L+H328r5h:IhUMdjRLLztpMJAz+X225h

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

cf0c0f77788b79ad274287b5b34e6f7d6d6681e6cd71a7d87c42c6e6fb8977c8
.exe windows x86

ac58a920521b9302f988c70ea5b8a7a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetLastError
GetTickCount
GetCurrentProcess
MultiByteToWideChar
GetSystemDirectoryW
GetVersionExA
GetProcessHeap
GetStartupInfoW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsAlloc
GetCurrentThreadId
HeapCreate
ExitProcess
GetModuleFileNameA
GetEnvironmentStringsW
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
Sleep
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
BeginUpdateResourceW
GetProcAddress

user32

GetSystemMetrics
AppendMenuA
GetDlgItemTextW
PostMessageW
SetCapture
GetCursorPos
GetAsyncKeyState
InvalidateRect
CreateMenu
UnregisterClassW
AppendMenuW
LoadIconW
GetCapture
SetTimer
CheckMenuItem
SetParent
wsprintfA
GetCaretPos
DialogBoxParamW
EmptyClipboard
MessageBoxIndirectW
EnumWindows
CreateAcceleratorTableA
LoadCursorW

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW

resutils

ResUtilGetProperty
ResUtilFindDwordProperty
ResUtilFindBinaryProperty
ResUtilVerifyPropertyTable
ResUtilEnumResources
ResUtilGetPropertyFormats
ResUtilGetResourceDependency
ResUtilFindSzProperty
ResUtilSetSzValue
ResUtilGetBinaryValue
ResUtilDupString

gdi32

GetEnhMetaFileA
CreateBitmap
RemoveFontResourceA
CreateFontIndirectA
GetTextExtentPointA
CreateMetaFileW
DeleteObject

occache

GetControlInfo
IsModuleRemovable

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 3KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 4KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.icode
Size: 1KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 89KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX1
Size: 4KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 126KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CODE
Size: 3KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac58a920521b9302f988c70ea5b8a7a2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

resutils

gdi32

occache

Sections

.text Size: 13KB - Virtual size: 13KB

CODE Size: 3KB - Virtual size: 199KB

CODE Size: 4KB - Virtual size: 478KB

.rdata Size: 3KB - Virtual size: 25KB

.icode Size: 1KB - Virtual size: 489KB

.edata Size: 89KB - Virtual size: 130KB

UPX1 Size: 4KB - Virtual size: 258KB

.data Size: 8KB - Virtual size: 215KB

.edata Size: 126KB - Virtual size: 127KB

CODE Size: 3KB - Virtual size: 146KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

CODE
Size: 3KB - Virtual size: 199KB

CODE
Size: 4KB - Virtual size: 478KB

.rdata
Size: 3KB - Virtual size: 25KB

.icode
Size: 1KB - Virtual size: 489KB

.edata
Size: 89KB - Virtual size: 130KB

UPX1
Size: 4KB - Virtual size: 258KB

.data
Size: 8KB - Virtual size: 215KB

.edata
Size: 126KB - Virtual size: 127KB

CODE
Size: 3KB - Virtual size: 146KB

.rsrc
Size: 1KB - Virtual size: 1KB