7afebb4958e2943e75e962f18339c94505030c47031262490430f6aec2261208

Sharing

Copy URL Twitter E-mail

General

Target

7afebb4958e2943e75e962f18339c94505030c47031262490430f6aec2261208
Size

4.7MB
MD5

065fa22bdb978bc1de82631a2e9fb974
SHA1

a8ef2eb6423f4b8899371752d41b59c44cbfe679
SHA256

7afebb4958e2943e75e962f18339c94505030c47031262490430f6aec2261208
SHA512

046b06433a231b3a972159eca80e714ea131207505ae1fdf98f46ed33c34b074605eb06b84a6b13d3eccb4f55f98a497fb01ebc1129fdde1da2c093b0822afc8
SSDEEP

98304:O9uPwUHPN7U1/p2eIRkL5tH953CmtDlgVKvwJrUxGD:O9uoUHBOp22HemQsYJi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7afebb4958e2943e75e962f18339c94505030c47031262490430f6aec2261208

Files

7afebb4958e2943e75e962f18339c94505030c47031262490430f6aec2261208
.exe windows x86

8775c2d17ebba842463fb102a58b38f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
Sleep
GetCurrentDirectoryA
CreateFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetModuleFileNameA
HeapAlloc
HeapFree
GetProcessHeap
CreateIoCompletionPort
GetLastError
GetQueuedCompletionStatus
PostQueuedCompletionStatus
FreeLibrary
GetProcAddress
LoadLibraryA
MulDiv
GetTickCount
ExitThread
TerminateThread
GetExitCodeThread
ResumeThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
SetLastError
GetModuleHandleA
LoadResource
FindResourceA
WriteConsoleW
SetEndOfFile
HeapSize
LeaveCriticalSection
ReadFile
FlushFileBuffers
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetTimeZoneInformation
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFullPathNameW
GetCurrentDirectoryW
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
RaiseException
RtlUnwind
EnterCriticalSection
InitializeCriticalSection
ReadConsoleW
CloseHandle
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
CreateThread
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
GetNativeSystemInfo
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
TlsAlloc
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EndDialog
GetDlgItem
CheckDlgButton
IsDlgButtonChecked
EnableWindow
LoadMenuA
DestroyMenu
EnableMenuItem
GetSubMenu
SendMessageA
TrackPopupMenu
ClientToScreen
GetWindowLongA
SetWindowLongA
wsprintfA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
CallWindowProcA
RegisterClassExA
CreateWindowExA
DestroyWindow
ShowWindow
MoveWindow
DialogBoxParamA
GetMenu
CheckMenuItem
UpdateWindow
BeginPaint
EndPaint
GetWindowTextLengthA
GetClientRect
GetWindowRect
MessageBoxA
LoadCursorA
LoadIconA
GetDC
KillTimer
PeekMessageA
PostQuitMessage
SetDlgItemTextA
MsgWaitForMultipleObjects
GetWindowTextA
SetWindowTextA
SetWindowPos
DialogBoxIndirectParamA
SetTimer
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateFontA
GetStockObject
GetDeviceCaps

shell32

ShellExecuteA

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

ws2_32

WSASetEvent
WSAWaitForMultipleEvents
inet_ntoa
WSAStartup
WSARecv
WSAGetLastError
bind
htonl
listen
WSAEnumNetworkEvents
setsockopt
closesocket
ioctlsocket
socket
WSASocketA
send
recv
inet_addr
htons
connect
WSAEventSelect
WSACreateEvent
ntohs
WSACloseEvent
WSASend
WSAIoctl

dbghelp

MiniDumpWriteDump

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8775c2d17ebba842463fb102a58b38f6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

winmm

ws2_32

dbghelp

wtsapi32

Sections

.text Size: - Virtual size: 286KB

.rdata Size: - Virtual size: 76KB

.data Size: - Virtual size: 9KB

UPX0 Size: - Virtual size: 2.9MB

UPX1 Size: 4.7MB - Virtual size: 4.7MB

.rsrc Size: 8KB - Virtual size: 9KB

.text
Size: - Virtual size: 286KB

.rdata
Size: - Virtual size: 76KB

.data
Size: - Virtual size: 9KB

UPX0
Size: - Virtual size: 2.9MB

UPX1
Size: 4.7MB - Virtual size: 4.7MB

.rsrc
Size: 8KB - Virtual size: 9KB