xupfl_MZpayload[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

xupfl_MZpayload.exe
Size

224KB
MD5

b231c397df5440bcea9d6898d99e8ca8
SHA1

96bb7979946088fc4891a41e838f4719f18e708c
SHA256

6a9b0fbfc35a59912522354a08dfd26f4e2451c4737beb424380692290e220e0
SHA512

7aa2d77ca4a57d1a72801c7f068f14ad908c8c8a7449e9b8540055a56e79943c7581341818de9d772c96b0af972b7cdc46f2f2f20021653a264a271b137f76f5
SSDEEP

6144:3LcI8MnLnhwLNAl2rvqt7thCuPmHPdtOtaS:3L7nWCl2TqBth3PmHVXS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xupfl_MZpayload.exe

Files

xupfl_MZpayload.exe
.exe windows x86

8448e6b15a43177886bd4784b81223d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointerEx
CreateDirectoryW
SetFileTime
WriteFile
LoadLibraryW
GetFileAttributesW
ReadFile
GetTempPathW
GetFileSizeEx
VirtualAlloc
FindClose
RemoveDirectoryW
FindNextFileW
GetFileTime
DeleteFileW
SetFileAttributesW
Sleep
GetProcAddress
LoadLibraryA
CreateRemoteThread
OpenProcess
VirtualFreeEx
GetProcessId
SystemTimeToFileTime
CompareFileTime
FileTimeToSystemTime
GetCurrentProcess
GetFileAttributesExW
PeekNamedPipe
SetHandleInformation
GetCurrentThread
CreatePipe
CreateThread
ExitProcess
GetEnvironmentVariableW
GetComputerNameW
GetVersionExW
DuplicateHandle
ResetEvent
GetUserDefaultLocaleName
GetNativeSystemInfo
CompareStringW
GetSystemDefaultLocaleName
GetTickCount
SetThreadPriority
GlobalMemoryStatusEx
IsDebuggerPresent
GetDiskFreeSpaceExA
LocalFree
GetVolumeNameForVolumeMountPointW
GetUserDefaultUILanguage
SetLastError
WaitForMultipleObjects
IsBadReadPtr
OpenMutexW
FreeLibrary
FindFirstFileW
CreateEventW
GetModuleFileNameW
ReleaseMutex
SetEvent
CreateMutexW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
QueryFullProcessImageNameW
DeviceIoControl
CreateFileW
GetModuleHandleW
GetLogicalProcessorInformation
CreateProcessW
HeapCreate
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
CloseHandle
TerminateProcess
GetSystemPowerStatus
GetCurrentProcessId
GetCurrentThreadId
GetLastError
TerminateThread
VirtualFree
WaitForSingleObject
WriteProcessMemory
VirtualAllocEx
VirtualProtectEx
ReadProcessMemory
VirtualQueryEx
MultiByteToWideChar
GetSystemTime
WideCharToMultiByte

user32

MonitorFromPoint
GetParent
LoadCursorW
GetClientRect
InflateRect
EnumChildWindows
ShowWindow
ShowScrollBar
CreateWindowExW
RegisterClassW
GetSystemMetrics
ScreenToClient
GetMonitorInfoW
MoveWindow
CharUpperA
CharLowerW
CharUpperW
PostQuitMessage
LoadImageW
GetScrollInfo
GetWindowLongW
SetScrollPos
SetWindowLongW
GetWindowThreadProcessId
CharToOemW
EnumWindows
IsIconic
GetKeyboardLayout
DispatchMessageW
UnhookWindowsHookEx
SetWindowPos
SetWindowsHookExA
GetMessageW
CallNextHookEx
SetScrollInfo
IsCharAlphaNumericA
CharLowerA
SendMessageW
DefWindowProcW
GetScrollPos
SetWindowTextW
UpdateWindow
MessageBoxW
ScrollWindowEx
SetFocus

advapi32

CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegQueryValueExW
LookupPrivilegeValueW
StartServiceW
RegOpenKeyExW
AdjustTokenPrivileges
RegCloseKey
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptCreateHash
CryptDestroyHash
CryptHashData
RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
CheckTokenMembership
SetSecurityDescriptorSacl
CreateWellKnownSid
CryptGetKeyParam
GetLengthSid
CryptImportKey
CryptEncrypt
CryptDestroyKey
CreateServiceW
OpenProcessToken

shlwapi

PathAddBackslashW
SHDeleteValueW
PathCombineW
PathSkipRootW
PathIsDirectoryW
PathRemoveBackslashW
PathRemoveFileSpecW
wvnsprintfA
wvnsprintfW
PathAddExtensionW

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoGetObject
CLSIDFromString
StringFromGUID2
CoCreateInstance
CoUninitialize

gdi32

CreateFontIndirectW
GetObjectW
CreateSolidBrush
GetStockObject

crypt32

CryptStringToBinaryA
CryptDecodeObject

wininet

InternetQueryOptionA
InternetCrackUrlA
HttpQueryInfoA
InternetConnectA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle

bcrypt

BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptVerifySignature
BCryptImportKeyPair
BCryptCreateHash
BCryptGetProperty

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

rpcrt4

UuidCreate

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8448e6b15a43177886bd4784b81223d7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

ole32

gdi32

crypt32

wininet

bcrypt

version

rpcrt4

Sections

.text Size: 125KB - Virtual size: 125KB

.data Size: 91KB - Virtual size: 98KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 125KB - Virtual size: 125KB

.data
Size: 91KB - Virtual size: 98KB

.reloc
Size: 6KB - Virtual size: 5KB