fdb0df6f7684259954f76fb335dc82b495ec460c632536900d766130c90faa23

Sharing

Copy URL Twitter E-mail

General

Target

fdb0df6f7684259954f76fb335dc82b495ec460c632536900d766130c90faa23
Size

212KB
MD5

277fde104b6d8f0a59418ec070f6b9c0
SHA1

57f75e10e3658d741cf4b0810f67cee12379d88a
SHA256

fdb0df6f7684259954f76fb335dc82b495ec460c632536900d766130c90faa23
SHA512

a1225bea3e08d165bd20ac22430a21c81afdc36bacd9d001072ea9a53fdbb75801480779daa12e3fa785a9e47674237bc4c5b18a4a408d1215d63911a742ea24
SSDEEP

6144:1Gxl0uH+al2da0QsgIelhp1ZPZMg9cNf:Uxl0uATxO3c

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

fdb0df6f7684259954f76fb335dc82b495ec460c632536900d766130c90faa23
.dll windows x86

e12aab86bb2cb0897ea08282e573fa1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreatePipe
CreateProcessA
CreateRemoteThread
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetComputerNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetTempPathA
GetVersion
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
Module32First
Module32Next
MoveFileA
OpenFileMappingA
OpenProcess
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
RemoveDirectoryA
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEvent
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
SetVolumeLabelA
SizeofResource
Sleep
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualQuery
WaitForSingleObject
WriteFile
WriteProcessMemory
lstrcatA
lstrcpyA
lstrlenA

advapi32

AdjustTokenPrivileges
ChangeServiceConfigA
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
EnumServicesStatusA
GetUserNameA
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegSetValueExA
StartServiceA

comctl32

ImageList_Destroy
ImageList_GetIcon
ImageList_GetImageCount

gdi32

BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetDIBits
GetObjectA
SelectObject

shell32

FindExecutableA
SHGetFileInfoA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AttachThreadInput
CallNextHookEx
ChangeDisplaySettingsA
DestroyIcon
DrawIcon
EnumDisplaySettingsA
EnumThreadWindows
ExitWindowsEx
GetActiveWindow
GetCursor
GetCursorPos
GetDC
GetIconInfo
GetKeyState
GetMessageA
GetSystemMetrics
GetWindowTextA
GetWindowThreadProcessId
IsRectEmpty
KillTimer
MessageBoxA
PostThreadMessageA
ReleaseDC
SetCursorPos
SetTimer
SetWindowsHookExA
UnhookWindowsHookEx
VkKeyScanA
WindowFromPoint
keybd_event
mouse_event
wsprintfA

wininet

InternetGetConnectedState

ws2_32

Exports

Exports

___CPPdebugHook

Sections

UPX0
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e12aab86bb2cb0897ea08282e573fa1b

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

shell32

user32

wininet

ws2_32

Exports

Exports

Sections

UPX0 Size: 204KB - Virtual size: 204KB

.rsrc Size: 2KB - Virtual size: 4KB

.avp Size: 4KB - Virtual size: 8KB

UPX0
Size: 204KB - Virtual size: 204KB

.rsrc
Size: 2KB - Virtual size: 4KB

.avp
Size: 4KB - Virtual size: 8KB