830d590cf19db076b50180e3a380f52bdee153004fbd35a01399d2a1899aa311

Sharing

Copy URL Twitter E-mail

General

Target

830d590cf19db076b50180e3a380f52bdee153004fbd35a01399d2a1899aa311
Size

312KB
MD5

5479d440d1a7b62b053f60108c870fe9
SHA1

c2cbe5792a896052d0d223ec5827d168f697c6a9
SHA256

830d590cf19db076b50180e3a380f52bdee153004fbd35a01399d2a1899aa311
SHA512

571152b5183e8c191311042b70e0630caf807eaa3f590860a324a4041ce5a406b94a446f4d856780dd221760c13d2716ab9aad55f3aca69ff723ac51ce6f1aef
SSDEEP

6144:0zXP+A2Aaja3+5iwU9JG5sxgWKBbRXUHE1V8g+2Z:HZja3oiwU9QmhKBJUHE1VZ

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

830d590cf19db076b50180e3a380f52bdee153004fbd35a01399d2a1899aa311
.exe windows x86

8bccc56b2abc9b910ec354c01de60644

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileSectionW
CopyFileW
SetFileAttributesW
GetFileAttributesW
Sleep
GetModuleFileNameW
FindClose
FindNextFileW
FindFirstFileW
SetCurrentDirectoryW
GetTempPathW
GetVersionExW
TerminateProcess
OpenProcess
GetTickCount
RemoveDirectoryW
SetEvent
CreateEventW
GlobalFree
GlobalAlloc
GetCurrentProcess
GetProcAddress
GetModuleHandleW
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThread
CreateProcessW
GetCurrentProcessId
GetTempFileNameW
CreateMutexW
ReleaseMutex
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
ProcessIdToSessionId
CreateFileMappingW
GetPrivateProfileSectionNamesW
lstrlenA
OpenEventW
GetSystemInfo
GetExitCodeProcess
ResetEvent
SystemTimeToFileTime
SetEnvironmentVariableA
DeleteFileW
CompareStringA
HeapSize
SetEndOfFile
GetOEMCP
GetACP
RaiseException
GetCPInfo
GetLocaleInfoA
GetCurrentThreadId
QueryPerformanceCounter
CreateFileA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
VirtualProtect
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
CreateDirectoryW
WritePrivateProfileStringW
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
VirtualQuery
InterlockedExchange
ExitProcess
GetTimeZoneInformation
HeapFree
OutputDebugStringA
HeapAlloc
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
GetSystemTimeAsFileTime
LoadLibraryA
FileTimeToSystemTime
GetLocalTime
GetSystemDirectoryW
GetLastError
ReadFile
GetFileSize
LoadLibraryW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeLibrary
lstrcmpW
lstrcmpiW
WideCharToMultiByte
lstrcatW
lstrcpyW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
lstrlenW
CreateFileW
WriteFile
SetFilePointer
CloseHandle
OutputDebugStringW
CompareStringW

user32

GetDlgItem
MessageBoxW
LoadStringW
DefWindowProcW
DestroyWindow
PostQuitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
PostMessageW
UpdateWindow
SetWindowPos
SetWindowTextW
ShowWindow
CreateWindowExW
GetWindowRect
RegisterClassExW
LoadCursorW
LoadIconW
CharLowerBuffA
GetSystemMetrics
BringWindowToTop
SetForegroundWindow
EnumWindows
IsWindowVisible
GetWindow
GetWindowLongW
GetDesktopWindow
WaitForInputIdle
CreateDialogParamW

gdi32

GetStockObject

winspool.drv

DeleteFormW
AddFormW
GetPrinterDriverDirectoryW
AddMonitorW
DeletePrinter
AddPrinterW
OpenPrinterW
DeleteMonitorW
EnumPrintersW
ord204
ord203
EnumPortsW
GetPrinterW
EnumFormsW
EnumMonitorsW
ClosePrinter
GetPrinterDriverW
AddPrinterDriverExW
DeletePrinterDriverW

advapi32

RegOpenKeyExA
DuplicateTokenEx
CreateProcessAsUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenThreadToken
QueryServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatusEx
CloseServiceHandle
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteW
SHGetFolderPathW

shlwapi

PathUnquoteSpacesW
PathRemoveExtensionW
PathFindExtensionW
PathRemoveFileSpecW
PathRemoveExtensionA
PathRemoveBlanksA
PathFindFileNameW
PathRemoveBlanksW
PathIsFileSpecW
PathAddBackslashW

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

setupapi

SetupSetDirectoryIdW
SetupOpenInfFileW
SetupDefaultQueueCallbackW
SetupInstallFromInfSectionW
SetupTermDefaultQueueCallback
SetupCloseInfFile
SetupInitDefaultQueueCallbackEx
SetupOpenAppendInfFileW

comctl32

ord17

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8bccc56b2abc9b910ec354c01de60644

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

psapi

setupapi

comctl32

userenv

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 8KB - Virtual size: 134KB

.rsrc Size: 4KB - Virtual size: 3KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 134KB

.rsrc
Size: 4KB - Virtual size: 3KB

.UPX0
Size: 108KB - Virtual size: 260KB