b4c1ba75d48296c7c514f06de62c17c30f1646df22cabf02d280b451daaefcc2

Sharing

Copy URL Twitter E-mail

General

Target

b4c1ba75d48296c7c514f06de62c17c30f1646df22cabf02d280b451daaefcc2
Size

178KB
MD5

544192c68e44fe9223f21b7310f27a40
SHA1

fc6abcb4b5bb170bd748ecd50b1e7c78f3118d64
SHA256

b4c1ba75d48296c7c514f06de62c17c30f1646df22cabf02d280b451daaefcc2
SHA512

851270e663bd1133a64cd50b6c2689cded0afcae45a90a97e6501b7b63a6ca8cd561760a21ef33a82622263958ff087f7313c27b7274c712ff3fb00d531bb6cc
SSDEEP

3072:OWzx/EhP4LA5u3rXl5iZhliZJSVwOAAnxRJ:LE14ljl5avaJSCO

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

b4c1ba75d48296c7c514f06de62c17c30f1646df22cabf02d280b451daaefcc2
.dll regsvr32 windows x86

0867b99af321e28649cd4fc53d2f2729

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
RaiseException
ExitProcess
TerminateProcess
HeapSize
GetACP
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetCurrentProcess
GetProcessVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
GlobalFlags
SetLastError
GetVersion
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
LocalFree
GetTickCount
GetSystemDirectoryA
GetPrivateProfileStringA
GetLocalTime
WritePrivateProfileStringA
SetFilePointer
WriteFile
CloseHandle
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA

advapi32

RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

comctl32

gdi32

PtVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
GetDeviceCaps
RectVisible
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

user32

MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetSysColor
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
CharNextA
MessageBoxA
PostQuitMessage
PostMessageA
GetMenuItemCount
wsprintfA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
RegisterWindowMessageA
LoadStringA
SendMessageA
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageA
GetWindowTextA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0867b99af321e28649cd4fc53d2f2729

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

ole32

oleaut32

user32

winspool.drv

Exports

Exports

Sections

UPX0 Size: 168KB - Virtual size: 168KB

.rsrc Size: 4KB - Virtual size: 8KB

.avc Size: 5KB - Virtual size: 8KB

UPX0
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 4KB - Virtual size: 8KB

.avc
Size: 5KB - Virtual size: 8KB