de_bluem2_client[.]dat

Sharing

Copy URL

Twitter E-mail

General

Target

de_bluem2_client.dat
Size

4.0MB
MD5

8beb476c2307e2d2838693e7c31a9c74
SHA1

8f9769a19a32270a3a9874fc710a2ddadb2ead28
SHA256

adba279fc9412075382a5f788e3efa4c61ad581ac163c8992cee7e2fb1808a42
SHA512

ae637777d2cb457d9974dc458909fd1e4764610c7bf53dbef4c4b04dd4c376b9cca91395430ec9d31fbc230e61a74ec574aa8fba1c493fd063fe0e3de8acd2ae
SSDEEP

98304:4PREvtdCDrS29FWR3f/u88aM/RdNg5/1D8ZVOcYhSMePmyqsc:Jvt0DXWRHu88RdmDfhePm1sc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sample

Files

de_bluem2_client.dat
.gz
sample
.exe windows x86

63dbe85ab21b655e03fb09da9d4f87be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SafeArrayGetUBound

advapi32

RegQueryValueExA

user32

GetPropA

kernel32

GetVersionExA
GetVersion
GetVersionExA
GetFileSize
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

SaveDC

version

GetFileVersionInfoSizeA

mpr

WNetGetConnectionA

ole32

CoUninitialize

comctl32

ImageList_DragEnter

imm32

ImmSetConversionStatus

wininet

HttpEndRequestA

shell32

ShellExecuteA

comdlg32

GetOpenFileNameA

winmm

timeGetTime

d3d9

Direct3DCreate9

msvcrt

isspace

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

ws2_32

WSAEnumNetworkEvents

ntdll

ZwQuerySystemInformation

Sections

.text
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 624KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63dbe85ab21b655e03fb09da9d4f87be

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

ole32

comctl32

imm32

wininet

shell32

comdlg32

winmm

d3d9

msvcrt

d3dx9_43

ws2_32

ntdll

Sections

.text Size: - Virtual size: 2.5MB

.itext Size: - Virtual size: 8KB

.data Size: - Virtual size: 195KB

.bss Size: - Virtual size: 624KB

.idata Size: - Virtual size: 16KB

.tls Size: - Virtual size: 56B

.rdata Size: - Virtual size: 24B

UPX0 Size: - Virtual size: 2.8MB

UPX1 Size: 4.0MB - Virtual size: 4.0MB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 2.5MB

.itext
Size: - Virtual size: 8KB

.data
Size: - Virtual size: 195KB

.bss
Size: - Virtual size: 624KB

.idata
Size: - Virtual size: 16KB

.tls
Size: - Virtual size: 56B

.rdata
Size: - Virtual size: 24B

UPX0
Size: - Virtual size: 2.8MB

UPX1
Size: 4.0MB - Virtual size: 4.0MB

.rsrc
Size: 2KB - Virtual size: 1KB