aa71c8dbe3b7fcefdbaceb94cea68b75afd6c633a4ad9418864c012aa90f5bd5

Sharing

Copy URL Twitter E-mail

General

Target

aa71c8dbe3b7fcefdbaceb94cea68b75afd6c633a4ad9418864c012aa90f5bd5
Size

240KB
MD5

bdfc079792d5bea6b43ced82bcc3f57b
SHA1

4077c10e71f068b2ce7a02faea51ed64d98a743b
SHA256

aa71c8dbe3b7fcefdbaceb94cea68b75afd6c633a4ad9418864c012aa90f5bd5
SHA512

0ebe7969f106c8b5803ebd71368ac2b240c8d0096a204915eb54f22a4dbdd84949293b1fcb6cff183d98c34b69506b1d6985440e5a0c2c68d0ad41f62045dc02
SSDEEP

6144:X7PFO/U0C1fIo8j2zztUZdFPaHjYV0E9Nkrbx8HIq:rPt1fIo8jWBUZ/aHOZq3xQI

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

aa71c8dbe3b7fcefdbaceb94cea68b75afd6c633a4ad9418864c012aa90f5bd5
.exe windows x86

2b3ad811d77b8a10b1b691de91835fdd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fopen
vfprintf
fputs
_vsnprintf
fflush
fclose
wcscat
wcsncpy
wcslen
_wcsnicmp
srand
swprintf
_onexit
__dllonexit
?terminate@@YAXXZ
malloc
_initterm
free
_beginthreadex
_endthreadex
sprintf
_purecall
wcscpy
wcsncat
__CxxFrameHandler

kernel32

CreateEventW
CreateSemaphoreW
GetSystemInfo
IsBadWritePtr
Sleep
IsBadReadPtr
ResetEvent
InterlockedExchange
ProcessIdToSessionId
GetCurrentProcessId
FreeLibrary
InterlockedCompareExchange
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
SetThreadPriority
GetModuleHandleW
GetVersionExW
lstrcpyW
lstrlenW
WideCharToMultiByte
GetProfileIntA
WaitForSingleObject
HeapFree
GetProcessHeap
HeapAlloc
DeleteCriticalSection
GetTickCount
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
SetEvent
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
lstrcpynW
GetWindowsDirectoryW
GetModuleHandleA
SetLastError
ReleaseMutex
CreateFileMappingW
CloseHandle
GetLastError
MapViewOfFile
UnmapViewOfFile
CreateMutexW
TerminateThread
GetExitCodeThread
CreateProcessW
VirtualAllocEx
GetCurrentThreadId

user32

LoadCursorW
RegisterClassW
SendDlgItemMessageW
MessageBoxW
LoadStringW
LoadIconW
InvalidateRgn
EndDialog
GetParent
DialogBoxParamW
EnableWindow
GetWindowLongW
UnregisterClassW
EndPaint
BeginPaint
GetClientRect
DefWindowProcW
IsWindow
SetWindowPos
GetClassNameW
GetWindowThreadProcessId
SetForegroundWindow
GetSystemMetrics
GetWindowRect
EnumWindows
SendMessageW
ReleaseDC
GetDC
SystemParametersInfoW
SetWindowLongW
PostMessageW

winmm

waveOutGetDevCapsA
waveInGetDevCapsA
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetLineInfoW
mixerSetControlDetails
PlaySoundW
waveOutGetDevCapsW
waveOutSetVolume
waveOutGetVolume
mixerGetID
timeGetTime
waveInGetDevCapsW

advapi32

RegFlushKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegCloseKey
InitializeAcl

ole32

CoUninitialize
CoInitializeEx
CLSIDFromString
StringFromGUID2
CoCreateInstance

gdi32

LineTo
CreateFontIndirectW
SelectObject
MoveToEx
Rectangle
GetStockObject
CreateSolidBrush
CreatePen
GetDeviceCaps
DeleteObject

msi

MsiQueryFeatureStateFromDescriptorA
MsiProvideComponentFromDescriptorW
Migrate10CachedPackagesW
MsiPreviewBillboardW
MsiEnumPatchesExA
MsiVerifyPackageA
MsiDatabaseMergeA
MsiProvideQualifiedComponentExW
MsiSummaryInfoGetPropertyW
MsiReinstallFeatureW
MsiEnumFeaturesA
MsiConfigureProductExA
MsiDetermineApplicablePatchesA
MsiReinstallProductW
MsiQueryComponentStateW
MsiGetFeatureCostA
MsiDatabaseIsTablePersistentW
MsiGetUserInfoA
MsiInstallProductA
MsiSetPropertyA
MsiLocateComponentW
MsiEnumProductsExA
MsiGetTargetPathA
MsiSourceListClearMediaDiskA
MsiSourceListClearMediaDiskW
MsiUseFeatureExA
DllGetVersion
MsiUseFeatureA
MsiGetFileSignatureInformationW
MsiDeterminePatchSequenceW
MsiGetFileSignatureInformationA
MsiEnumProductsW
DllUnregisterServer
MsiDatabaseCommit
MsiGetPropertyW
MsiGetFeatureValidStatesA
MsiGetProductPropertyA
MsiEnumProductsExW
MsiGetFileHashA
MsiMessageBoxExA
MsiGetSummaryInformationW

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX0
Size: 2KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX1
Size: 2KB - Virtual size: 45KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX3
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX4
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX5
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_MEM_READ

UPX6
Size: 1024B - Virtual size: 49KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b3ad811d77b8a10b1b691de91835fdd

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

winmm

advapi32

ole32

gdi32

msi

Sections

.text Size: 21KB - Virtual size: 21KB

UPX0 Size: 2KB - Virtual size: 36KB

.rdata Size: 5KB - Virtual size: 5KB

UPX1 Size: 2KB - Virtual size: 45KB

UPX2 Size: 1024B - Virtual size: 38KB

UPX3 Size: 3KB - Virtual size: 12KB

UPX4 Size: 2KB - Virtual size: 19KB

.data Size: 10KB - Virtual size: 48KB

UPX5 Size: 2KB - Virtual size: 26KB

UPX6 Size: 1024B - Virtual size: 49KB

.rsrc Size: 183KB - Virtual size: 183KB

.reloc Size: 4KB - Virtual size: 8KB

.text
Size: 21KB - Virtual size: 21KB

UPX0
Size: 2KB - Virtual size: 36KB

.rdata
Size: 5KB - Virtual size: 5KB

UPX1
Size: 2KB - Virtual size: 45KB

UPX2
Size: 1024B - Virtual size: 38KB

UPX3
Size: 3KB - Virtual size: 12KB

UPX4
Size: 2KB - Virtual size: 19KB

.data
Size: 10KB - Virtual size: 48KB

UPX5
Size: 2KB - Virtual size: 26KB

UPX6
Size: 1024B - Virtual size: 49KB

.rsrc
Size: 183KB - Virtual size: 183KB

.reloc
Size: 4KB - Virtual size: 8KB