569bba86821acfecc1d0f6f957193f61e6423ffe3de304072ec0a530fdcf58c0

Sharing

Copy URL Twitter E-mail

General

Target

569bba86821acfecc1d0f6f957193f61e6423ffe3de304072ec0a530fdcf58c0
Size

242KB
MD5

0b12741fb619f54515ecd8d4fcfc4cd0
SHA1

172646c54417e05e3ac8b5c573cbb0fae9e30d80
SHA256

569bba86821acfecc1d0f6f957193f61e6423ffe3de304072ec0a530fdcf58c0
SHA512

7c3948ac882497356a93c9832ea98b71da82aa8596f047444854e80afa47cdec29e4b86d212a31cb3c7cf7bfb0b8a8256fa2c9906eba5a17f3c062b7d7079893
SSDEEP

768:ZeoEog4EdhQHQNLJpUVdaG6WxQgLhkqJDSURKWU+DGhR4KzqiVLf541RNwa0:1EogeuQV7vQgLhkqJtyh9n558Xi

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

569bba86821acfecc1d0f6f957193f61e6423ffe3de304072ec0a530fdcf58c0
.dll windows x86

f9adcade79e6df938a4a5dbd2f8b2d23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetComputerNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrlenA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTickCount
GetVersion
DeleteFileA
GetVersionExA
GetCurrentProcess
CreateFileA
WriteFile
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
CreateProcessA
OutputDebugStringA
FindFirstFileA
GetWindowsDirectoryA
LocalFree
LocalAlloc
TerminateProcess
GetExitCodeProcess
OpenProcess
GetCurrentThreadId
ResumeThread
DeviceIoControl
MoveFileA
CreateThread

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
OpenProcessToken

iphlpapi

GetAdaptersInfo

mfc42

msvcrt

_adjust_fdiv
malloc
__CxxFrameHandler
atol
_mbscmp
strcat
memset
rand
srand
time
strcpy
sprintf
atoi
strlen
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
free
??1type_info@@UAE@XZ

ole32

CoInitialize

oleaut32

user32

GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
GetProcessWindowStation
GetWindowLongA
SetWindowLongA
EnableWindow
CallNextHookEx
SetThreadDesktop
SetWindowsHookExA
UnhookWindowsHookEx
SetTimer
GetForegroundWindow
GetClassNameA

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetReadFile

winmm

timeGetTime

Exports

Exports

InstallHook
InstallMyDll
UnInstallHook

Sections

UPX0
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9adcade79e6df938a4a5dbd2f8b2d23

Headers

File Characteristics

Imports

kernel32

advapi32

iphlpapi

mfc42

msvcrt

ole32

oleaut32

user32

wininet

winmm

Exports

Exports

Sections

UPX0 Size: 236KB - Virtual size: 236KB

.rsrc Size: 2KB - Virtual size: 4KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 236KB - Virtual size: 236KB

.rsrc
Size: 2KB - Virtual size: 4KB

.avc
Size: 3KB - Virtual size: 4KB