b5e6c6676920ad36f41919b9d3b93c989e495486032b8a277e872ce80869232f

Sharing

Copy URL Twitter E-mail

General

Target

b5e6c6676920ad36f41919b9d3b93c989e495486032b8a277e872ce80869232f
Size

185KB
MD5

b743ce988779da7e01aa2c3703a86221
SHA1

05c50afa657a52d3afea6a01270caa9fdd0abec6
SHA256

b5e6c6676920ad36f41919b9d3b93c989e495486032b8a277e872ce80869232f
SHA512

4faa9b30219e962264e56ab415bde3fa32af9a85e404986f29588e4010018a756664d3bc08d74ccb669b96ae05187dd175ab6561f50ce3d12cd20a81c65d9861
SSDEEP

3072:XQnmop1FiJvmIGFstv8x/ZWOH7jBrCWO+Jr4kLZpF6G/uh/x88LLE:XSmop1FiJ1GStv2Rf1rCWDJrRL/O85

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

b5e6c6676920ad36f41919b9d3b93c989e495486032b8a277e872ce80869232f
.exe windows x86

ee029764f84fa784ce077d7dffa7ee5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegConnectRegistryW
LookupAccountSidW
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

InterlockedDecrement
CloseHandle
OpenProcess
TerminateProcess
GetExitCodeProcess
InterlockedIncrement
LocalAlloc
lstrlenW
FormatMessageW
WriteConsoleW
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentProcess
GetComputerNameExW
GetCurrentThreadId
GetConsoleOutputCP
SetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetFileType
GetConsoleMode
VerSetConditionMask
VerifyVersionInfoW
SetThreadUILanguage
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalFree
GetLastError
SetLastError
ExitProcess
GetModuleFileNameW

msvcrt

wcsstr
_fileno
_vsnwprintf
wcstod
wcstol
fflush
_get_osfhandle
wcstok
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_CxxThrowException
wcstoul
_errno
wcschr
_wtoi64
memcpy
_wcsicmp
wcsrchr
??2@YAPAXI@Z
free
_wcsdup
__iob_func
??3@YAXPAX@Z
memset
__CxxFrameHandler3
fprintf
_memicmp

ntdll

RtlLargeIntegerToChar
RtlTimeToElapsedTimeFields

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

GetProcessWindowStation
GetWindowTextW
FindWindowExW
CharUpperW
LoadStringW
wsprintfW
PostMessageW
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
EnumDesktopsW
GetThreadDesktop
OpenDesktopW
SetThreadDesktop
CloseDesktop
EnumWindows
GetWindowThreadProcessId
GetWindowLongW
GetWindow
IsHungAppWindow
EnumWindowStationsW

mpr

WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

SysAllocStringByteLen
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocString
SysStringLen

secur32

GetUserNameExW

ws2_32

GetNameInfoW
GetAddrInfoW
WSAGetLastError
WSAStartup
WSACleanup
FreeAddrInfoW

framedynos

?GetData@CHString@@IBEPAUCHStringData@@XZ
??4CHString@@QAEABV0@ABV0@@Z
??4CHString@@QAEABV0@PBG@Z
??0CHString@@QAE@XZ
?GetBufferSetLength@CHString@@QAEPAGH@Z
?GetBuffer@CHString@@QAEPAGH@Z
?Format@CHString@@QAAXPBGZZ
?Mid@CHString@@QBE?AV1@H@Z
?Left@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Compare@CHString@@QBEHPBG@Z
?Empty@CHString@@QAEXXZ
?Mid@CHString@@QBE?AV1@HH@Z
?Find@CHString@@QBEHPBG@Z
??YCHString@@QAEABV0@PBG@Z
??YCHString@@QAEABV0@ABV0@@Z
?ReleaseBuffer@CHString@@QAEXH@Z
??1CHString@@QAE@XZ
??4CHString@@QAEABV0@PBD@Z

netapi32

NetApiBufferFree
NetServerGetInfo

dbghelp

EnumerateLoadedModulesW64

shlwapi

StrChrIW
StrStrW
StrStrIW
StrChrW

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee029764f84fa784ce077d7dffa7ee5b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

version

user32

mpr

ole32

oleaut32

secur32

ws2_32

framedynos

netapi32

dbghelp

shlwapi

Sections

.text Size: 69KB - Virtual size: 69KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 69KB - Virtual size: 69KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB

.UPX0
Size: 108KB - Virtual size: 260KB