f24bd4114ca940c61482c4719de5eec8291244e19d9e9b02e675085a379f21ef

Sharing

Copy URL Twitter E-mail

General

Target

f24bd4114ca940c61482c4719de5eec8291244e19d9e9b02e675085a379f21ef
Size

2.4MB
MD5

4efb7f39d5d82140ef25751f4f97e1a8
SHA1

763f90dd46a62d97904cc4f140c19722115a6b35
SHA256

f24bd4114ca940c61482c4719de5eec8291244e19d9e9b02e675085a379f21ef
SHA512

4b7333789ef3c1e07d69dab71979e8dd0eff01fcdf1c67261b43d43c93ee0e2f572a3251489cc8469439958f448a67d06922d4e01f7ef469f1de0274b7c0190a
SSDEEP

49152:R5wihtjcSS7l+15Ctvr57tiIpXAXexqvTx7iL/LLML9brmfwQYS:rWjZ19thtGCqvTxELYLhytYS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Project4.hl.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Project4.dll
unpack001/Project4.hl.exe
unpack001/shiza.dll

Files

f24bd4114ca940c61482c4719de5eec8291244e19d9e9b02e675085a379f21ef
.zip
Legit.cfg
Project4.dll
.dll windows x86

d138ad463df811ff4aee43c9dd23d75a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetConsoleTitleA
VirtualAlloc
LoadLibraryA
FreeConsole
CreateThread
GetConsoleWindow
AllocConsole
VirtualQuery
WriteConsoleW
SetEndOfFile
CloseHandle
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
GetModuleHandleW
GetProcAddress
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
CreateFileW
HeapSize
ReadFile
ReadConsoleW
DecodePointer

user32

ShowWindow

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Project4.hl.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
injmthd.ini
menu.jpg
.jpg
shiza.dll
.dll windows x86

e9f33c34083c46b80b14ca02be1d51fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
WideCharToMultiByte
GetTickCount64
GetProcessHeap
IsBadReadPtr
FreeLibraryAndExitThread
CreateThread
DisableThreadLibraryCalls
FindFirstFileA
QueryPerformanceCounter
FindClose
DeleteFileA
WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileSizeEx
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetProcAddress
QueryPerformanceFrequency
MultiByteToWideChar
FindNextFileA
GetModuleHandleA
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetFullPathNameW
GetDriveTypeW
ReadFile
LoadLibraryExW
FreeLibrary
SetLastError
GetLastError
InterlockedFlushSList
RtlUnwind
RaiseException
TlsFree
TlsGetValue
CreateSemaphoreW
TlsAlloc
InitializeCriticalSection
ReleaseSemaphore
TlsSetValue
TerminateProcess
InitializeSListHead
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime

user32

ReleaseCapture
SetCursorPos
GetCursorPos
GetActiveWindow
SetWindowLongA
CallWindowProcA
DefWindowProcA
FindWindowA
ShowCursor
GetWindowRect
GetDesktopWindow
GetAsyncKeyState
GetKeyState
mouse_event
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect

gdi32

SelectObject
GetTextExtentPointA
DeleteObject
CreateFontA

shell32

SHGetKnownFolderPath

opengl32

glPolygonMode
glPopMatrix
glVertex2f
glVertex2i
glBegin
glColor3f
glEnd
glListBase
glColor4ub
glRasterPos2i
glHint
wglUseFontBitmapsA
glCallLists
glGenLists
wglGetCurrentDC
glColor4f
glDepthFunc
glGetIntegerv
glPushAttrib
glOrtho
glPixelStorei
glShadeModel
glPushMatrix
glDisable
glDrawElements
glTexEnvi
glColorPointer
glTexImage2D
glGetTexEnviv
glTexCoordPointer
glDeleteTextures
glTexParameteri
glLoadIdentity
glBlendFunc
glMatrixMode
glDisableClientState
glScissor
glEnable
glVertexPointer
glGenTextures
glBindTexture
glLineWidth
glPopAttrib
glEnableClientState
glViewport

winmm

timeGetTime

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d138ad463df811ff4aee43c9dd23d75a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 196KB

UPX1 Size: 10KB - Virtual size: 12KB

.rsrc Size: 168KB - Virtual size: 168KB

e9f33c34083c46b80b14ca02be1d51fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

opengl32

winmm

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 489KB - Virtual size: 489KB

.data Size: 10KB - Virtual size: 25KB

.0 Size: 463KB - Virtual size: 463KB

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 196KB

UPX1
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 168KB - Virtual size: 168KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 489KB - Virtual size: 489KB

.data
Size: 10KB - Virtual size: 25KB

.0
Size: 463KB - Virtual size: 463KB

.reloc
Size: 54KB - Virtual size: 53KB