927f69b833fbc36e632effecc473d6615637fbd62cbcec48f3ae5a73bb994fe0

Sharing

Copy URL

Twitter E-mail

General

Target

927f69b833fbc36e632effecc473d6615637fbd62cbcec48f3ae5a73bb994fe0
Size

68KB
MD5

16619bd4ad1ae2e884eadf6707a292d4
SHA1

8135eb10010e77a09fe3650cb8fab685b89cbea9
SHA256

927f69b833fbc36e632effecc473d6615637fbd62cbcec48f3ae5a73bb994fe0
SHA512

13058b89a8ff72a5d9cb0d41ce7210e2e9a8f1a37ff02e1586ff79cf664ca739ea90f774d5eb37c5274eaa5e398b5a14b04e8a06d9450cd3d3fc8361cfa3b31e
SSDEEP

1536:Sw7Lq1om99KAzsMKop+QcvTEYTWQErGG3jDSAHK7:SFngAuIYTUXyAHK7

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

927f69b833fbc36e632effecc473d6615637fbd62cbcec48f3ae5a73bb994fe0
.dll regsvr32 windows x86

65eb5f8e65e93fa950030a09aaa553fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
HeapDestroy
Sleep
OpenProcess
CloseHandle
CreateProcessA
SetCurrentDirectoryA
SetFileAttributesA
MoveFileA
CreateFileA
WriteFile
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameA
DeviceIoControl
GetSystemDirectoryA
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
FreeConsole
FindFirstFileA
FindClose
SetFileTime
HeapFree
HeapAlloc
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CreateThread
TerminateThread
HeapSize
WideCharToMultiByte
GetTickCount
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsGetValue
GetVersionExA
CreateDirectoryA
DeleteFileA
FindNextFileA
RemoveDirectoryA
GetDriveTypeA
GetFileAttributesA
GetFileSize
SetFilePointer
ReadFile
HeapReAlloc
FindResourceA
LoadResource
SizeofResource
GetLastError
GetProcAddress
GlobalAlloc
LoadLibraryExA
GlobalFree
FreeLibrary
lstrcatA
GetVersion
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
GetVolumeInformationA
WaitForMultipleObjects
GetCurrentThread
DuplicateHandle
CreateSemaphoreA
ReleaseSemaphore

advapi32

OpenProcessToken
CreateProcessAsUserA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
CreateServiceA
QueryServiceStatus
StartServiceA
CloseServiceHandle
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
ControlService
GetUserNameA

iphlpapi

GetAdaptersInfo

msvcrt

memset
strncpy
memmove
sprintf
_strnicmp
strncmp
_strdup
free
strcmp
memcpy
strstr
strlen
strcpy
strcat
??2@YAPAXI@Z
??3@YAXPAX@Z
malloc

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
DeleteUrlCacheEntryA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA

wsock32

WSAStartup
htons
inet_addr
socket
connect
send
closesocket
sendto
gethostbyname
WSACleanup
ioctlsocket
recvfrom
recv
gethostname
WSAGetLastError

Exports

Exports

DllRegisterServer
ServiceHandler
ServiceMain

Sections

UPX0
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

65eb5f8e65e93fa950030a09aaa553fa

Headers

File Characteristics

Imports

kernel32

advapi32

iphlpapi

msvcrt

shell32

wininet

wsock32

Exports

Exports

Sections

UPX0 Size: 64KB - Virtual size: 64KB

UPX2 Size: 1024B - Virtual size: 4KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 64KB - Virtual size: 64KB

UPX2
Size: 1024B - Virtual size: 4KB

.avc
Size: 3KB - Virtual size: 4KB