Behavioral task: behavioral1
Sample: fefff8cf11bf5bb3617d61d45fcc300fd1eee8fe7ffc05ad14f72e4e5e279bbf.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: fefff8cf11bf5bb3617d61d45fcc300fd1eee8fe7ffc05ad14f72e4e5e279bbf.exe
Resource: win10v2004-20230915-en
General
- Target: fefff8cf11bf5bb3617d61d45fcc300fd1eee8fe7ffc05ad14f72e4e5e279bbf
- Size: 15.5MB
- MD5: e6ccc063143a8db86723e1142fd5020c
- SHA1: dc2e0385c2ce8fb610d013a53f10e2a350bd153b
- SHA256: fefff8cf11bf5bb3617d61d45fcc300fd1eee8fe7ffc05ad14f72e4e5e279bbf
- SHA512: b361a5b351bf87591c029af8d6e9a6aae0337e672fa0ee08ac441658a40358b2ff48a21b11d6e312bbe1df30ae5b324ddd276103becb9a0bd3254ef7e7fedd34
- SSDEEP: 196608:PBYKyLT67JoJaEntYfWQBuMauF8O6iWwOp7:D7JWaEnqfWQBuMauF8YOp7
Malware Config

Signatures
- yara_rule: upx (resource: sample)
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature. (resource: fefff8cf11bf5bb3617d61d45fcc300fd1eee8fe7ffc05ad14f72e4e5e279bbf)
Files
- fefff8cf11bf5bb3617d61d45fcc300fd1eee8fe7ffc05ad14f72e4e5e279bbf.exe (windows x86)
  b1957f630e8012f096aefd542cbb6ae2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalGetAtomNameA
SuspendThread
LocalFree
GetProfileIntA
DuplicateHandle
FlushFileBuffers
LockFile
GlobalAddAtomA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
LocalFileTimeToFileTime
GetDiskFreeSpaceA
GetProcessVersion
GetUserDefaultLCID
GlobalFlags
GetOEMCP
FindResourceExA
SetErrorMode
lstrcpyW
RtlUnwind
GetTimeZoneInformation
RaiseException
SetEnvironmentVariableA
SetCurrentDirectoryA
ExitThread
SetStdHandle
GetFileType
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
CompareStringA
CompareStringW
GetLocaleInfoW
GlobalFindAtomA
GlobalDeleteAtom
GetSystemDirectoryA
SetPriorityClass
SetEndOfFile
HeapReAlloc
GetTempFileNameA
Beep
IsBadWritePtr
GetDateFormatA
GetTimeFormatA
GetDiskFreeSpaceExA
SetThreadPriority
lstrcpynA
LCMapStringA
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
IsBadReadPtr
VirtualQuery
VirtualProtect
CreateDirectoryA
GetFileInformationByHandle
GetCommandLineA
GetComputerNameA
GetCurrentProcess
GetFileTime
CompareFileTime
SizeofResource
GetACP
WritePrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
GetCurrentThread
ResumeThread
Thread32First
Thread32Next
LoadLibraryExW
GetLocalTime
OpenProcess
TerminateProcess
ExpandEnvironmentStringsA
GetStartupInfoA
CreateSemaphoreA
SetUnhandledExceptionFilter
ExitProcess
CreateMutexA
ReleaseMutex
HeapSize
SetLastError
GlobalMemoryStatus
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
DeviceIoControl
GetLogicalDriveStringsA
GetDriveTypeA
GetVersionExA
GetSystemInfo
OpenMutexA
CreateToolhelp32Snapshot
Process32First
Process32Next
CopyFileA
GetSystemDefaultLangID
lstrcmpA
FlushViewOfFile
CreateEventA
SetFileTime
GetFullPathNameA
GetLastError
FindNextFileA
GetTempPathA
GetCurrentProcessId
GlobalReAlloc
CreateProcessA
MoveFileA
GetSystemTime
SystemTimeToFileTime
GetPrivateProfileStringA
GetPrivateProfileIntA
TerminateThread
InterlockedDecrement
InterlockedExchange
DeleteCriticalSection
ReadFile
GetModuleHandleA
WriteProfileStringA
GetProfileStringA
OutputDebugStringA
GetCurrentThreadId
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileSize
SetFilePointer
CreateFileA
WriteFile
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
SetEvent
InitializeCriticalSection
ResetEvent
GetFileAttributesA
GetModuleFileNameA
GetCurrentDirectoryA
GetWindowsDirectoryA
MulDiv
lstrcatA
WinExec
LoadLibraryExA
GetVolumeInformationA
FindFirstFileA
FindClose
GlobalAlloc
GlobalFree
GlobalSize
GlobalLock
GlobalUnlock
CreateThread
WaitForSingleObject
GetExitCodeThread
CloseHandle
WritePrivateProfileStringA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
DeleteFileA
FreeLibrary
GetTickCount
lstrcpyA
GetVersion
Sleep
LoadLibraryA
GetProcAddress
FlushInstructionCache
UnlockFile
advapi32
SetFileSecurityA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegEnumValueA
GetUserNameA
CreateProcessAsUserA
SetTokenInformation
GetLengthSid
DuplicateTokenEx
OpenProcessToken
RegEnumKeyA
RegCloseKey
GetFileSecurityA
RegSetValueA
RegCreateKeyA
comctl32
ImageList_AddMasked
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_GetImageInfo
ord17
ImageList_Create
ImageList_DragShowNolock
ImageList_Duplicate
ImageList_DrawIndirect
CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA
ImageList_DragEnter
ImageList_BeginDrag
ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_SetBkColor
ImageList_DrawEx
ImageList_Remove
ImageList_GetBkColor
ImageList_Destroy
ImageList_LoadImageA
comdlg32
CommDlgExtendedError
ChooseFontA
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
PrintDlgA
ChooseColorA
ReplaceTextA
FindTextA
PageSetupDlgA
gdi32
GetTextExtentExPointA
SetWindowExtEx
SetViewportExtEx
SetMapMode
SelectClipRgn
OffsetRgn
CreateDCA
SetPolyFillMode
PolyPolygon
SetBrushOrgEx
SetStretchBltMode
RoundRect
StartDocA
SaveDC
RestoreDC
SetViewportOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowOrgEx
ScaleWindowExtEx
ExcludeClipRect
PtInRegion
IntersectClipRect
SetTextAlign
GetCurrentPositionEx
SelectClipPath
CreatePatternBrush
SetRectRgn
StretchDIBits
GetCharWidthA
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
GetViewportOrgEx
CopyMetaFileA
EnumFontFamiliesExA
GetWindowOrgEx
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetROP2
GetTextFaceA
CreatePolygonRgn
ExtSelectClipRgn
GetCurrentObject
GetClipBox
CreateEllipticRgnIndirect
FillRgn
GetMapMode
DPtoLP
CreateFontA
SetTextJustification
StretchBlt
CreateBitmap
SetBkColor
Escape
CreateHatchBrush
BeginPath
EndPath
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportExtEx
CreateRoundRectRgn
ExtCreateRegion
FrameRgn
LPtoDP
Arc
Rectangle
ExtTextOutA
RectVisible
PtVisible
GetPixel
SetPixel
CreateDIBSection
DeleteDC
GetTextExtentPoint32W
GetBkMode
GetDeviceCaps
Polygon
CreateSolidBrush
CreateRectRgnIndirect
PatBlt
CreateFontIndirectA
GetBkColor
GetTextColor
CreateCompatibleBitmap
GetStockObject
GetObjectA
CreateCompatibleDC
BitBlt
GdiFlush
SetROP2
Polyline
DeleteObject
Pie
Ellipse
CreatePen
CreateRectRgn
MoveToEx
LineTo
GetTextExtentPoint32A
SetBkMode
SetTextColor
GetTextExtentPointA
CreateDIBitmap
TextOutA
SelectObject
GetClipRgn
GetTextMetricsA
CombineRgn
iphlpapi
GetAdaptersInfo
msimg32
AlphaBlend
GradientFill
TransparentBlt
netapi32
Netbios
ole32
CoTaskMemFree
OleRegGetUserType
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CoDisconnectObject
OleInitialize
OleUninitialize
CreateBindCtx
CreateStreamOnHGlobal
GetHGlobalFromStream
RevokeDragDrop
OleSetContainedObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleDuplicateData
OleCreateStaticFromData
CoUninitialize
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries
RegisterDragDrop
CoRegisterMessageFilter
OleSetMenuDescriptor
CoLockObjectExternal
CreateGenericComposite
CreateItemMoniker
OleSaveToStream
WriteClassStm
OleGetIconOfClass
GetHGlobalFromILockBytes
OleSave
OleLoad
OleCreate
OleCreateLinkToFile
OleCreateFromFile
OleCreateLinkFromData
OleCreateFromData
OleLockRunning
CreateFileMoniker
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterClassObject
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
oleaut32
VarBstrFromDate
VarDateFromStr
LoadTypeLi
SysStringByteLen
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantTimeToSystemTime
VariantClear
SysStringLen
SafeArrayGetUBound
VariantChangeType
VariantInit
SysFreeString
oledlg
ord8
ord11
ord4
ord3
olepro32
ord251
ord253
rpcrt4
NdrProxyInitialize
NdrCStdStubBuffer2_Release
NdrOleFree
NdrOleAllocate
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrProxyErrorHandler
NdrClearOutParameters
NdrProxyFreeBuffer
NdrConvert
NdrProxySendReceive
NdrUserMarshalMarshall
NdrProxyGetBuffer
NdrUserMarshalBufferSize
RpcRaiseException
NdrStubInitialize
NdrUserMarshalFree
NdrStubGetBuffer
NdrUserMarshalUnmarshall
shell32
ShellExecuteExA
DragQueryFileA
DragFinish
DragAcceptFiles
SHBrowseForFolderA
SHGetFileInfoA
ExtractIconA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
ExtractIconExA
ShellExecuteA
shlwapi
PathMatchSpecA
urlmon
URLDownloadToFileA
user32
GetWindowPlacement
CreateDialogIndirectParamA
DestroyWindow
DrawMenuBar
GetUpdateRect
DeferWindowPos
MoveWindow
MenuItemFromPoint
PostQuitMessage
GetWindowRgn
ChildWindowFromPoint
IsWindowEnabled
GetClassInfoA
DefWindowProcA
CreateWindowExA
EndDialog
wsprintfA
MapWindowPoints
SetMenuItemInfoA
BringWindowToTop
GetKeyboardState
ToAscii
GetCaretPos
RemovePropA
AttachThreadInput
SetPropA
GetDCEx
PostThreadMessageA
EmptyClipboard
SetClipboardData
HideCaret
GetDlgItem
ShowWindow
ShowScrollBar
SetWindowRgn
CallWindowProcA
GetWindowDC
CheckMenuRadioItem
GetForegroundWindow
GetTopWindow
UnionRect
ShowWindowAsync
CharNextA
UnregisterHotKey
RegisterHotKey
ShowOwnedPopups
GetLastActivePopup
SetForegroundWindow
IsZoomed
GetAsyncKeyState
GetTabbedTextExtentA
GetCursor
IsChild
GetWindowTextLengthA
BeginDeferWindowPos
EndDeferWindowPos
GetWindowThreadProcessId
GetPropA
EnumWindows
EnumChildWindows
GetClassNameA
keybd_event
SetFocus
WindowFromDC
SetCursorPos
ClipCursor
GetMessageA
GetDlgCtrlID
EnableMenuItem
CheckMenuItem
GetMenuItemRect
SetMenu
IsMenu
GetSystemMenu
GetMenu
LoadAcceleratorsA
CopyAcceleratorTableA
AdjustWindowRectEx
RedrawWindow
GetScrollPos
SetScrollPos
LockWindowUpdate
GetWindowTextA
SetWindowTextA
SetActiveWindow
GetDialogBaseUnits
TrackPopupMenu
CloseWindow
GetClassLongA
FindWindowA
GetKeyNameTextA
DrawTextExA
GetNextDlgGroupItem
SetClipboardViewer
ChangeClipboardChain
OpenClipboard
SetWindowPlacement
CloseClipboard
GetMessagePos
GetMessageTime
GetCapture
CallNextHookEx
IntersectRect
SetWindowsHookExA
UnhookWindowsHookEx
GetCursorPos
SetParent
CopyIcon
LoadStringA
ScreenToClient
DrawFrameControl
SetWindowLongA
MessageBoxA
ReleaseCapture
SetCapture
CreateIconIndirect
PostMessageA
LoadMenuA
GetIconInfo
LoadImageA
DrawStateA
DrawFocusRect
TrackPopupMenuEx
ClientToScreen
WindowFromPoint
GetActiveWindow
GetFocus
GetNextDlgTabItem
GetWindowLongA
DestroyCursor
DestroyMenu
SendMessageTimeoutA
PeekMessageA
TranslateMessage
DispatchMessageA
IsIconic
GrayStringA
TabbedTextOutA
GetSubMenu
DeleteMenu
RemoveMenu
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
InsertMenuA
AppendMenuA
GetDesktopWindow
DrawIconEx
DestroyIcon
SystemParametersInfoA
DrawEdge
SetRect
GetMenuItemInfoA
GetSystemMetrics
EnableScrollBar
UpdateWindow
GetSysColor
LoadCursorA
SetCursor
EqualRect
PtInRect
InflateRect
LoadIconA
RegisterClassA
WinHelpA
GetScrollRange
SetScrollInfo
GetScrollInfo
ScrollWindow
SendDlgItemMessageA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
DefMDIChildProcA
TranslateMDISysAccel
DefFrameProcA
DrawIcon
OffsetRect
MessageBeep
IsWindow
KillTimer
LoadBitmapA
GetClientRect
InvalidateRect
IsWindowVisible
SetWindowPos
GetDC
ReleaseDC
DrawAnimatedRects
DrawTextA
FrameRect
FillRect
IsRectEmpty
CopyRect
SetRectEmpty
GetParent
SetTimer
GetKeyState
GetWindow
GetWindowRect
SendMessageA
EnableWindow
RegisterWindowMessageA
InvertRect
RegisterClipboardFormatA
SetWindowContextHelpId
CountClipboardFormats
IsClipboardFormatAvailable
CharUpperA
UnpackDDElParam
ReuseDDElParam
TranslateAcceleratorA
MapDialogRect
EndPaint
BeginPaint
wvsprintfA
ValidateRect
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetClipboardData
GetDlgItemTextA
IsWindowUnicode
DefDlgProcA
ExcludeUpdateRgn
ShowCaret
UnregisterClassA
SetScrollRange
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
wininet
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetSetOptionA
DeleteUrlCacheEntry
InternetReadFile
FindCloseUrlCache
FindFirstUrlCacheEntryA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetSetOptionExA
InternetSetStatusCallback
InternetCloseHandle
HttpQueryInfoA
InternetGetCookieA
FindNextUrlCacheEntryA
InternetGetLastResponseInfoA
HttpSendRequestA
InternetErrorDlg
HttpOpenRequestA
InternetConnectA
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetQueryOptionA
winmm
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutClose
timeGetTime
waveOutReset
waveOutOpen
mmioDescend
mmioOpenA
mmioCreateChunk
mmioRead
mmioWrite
mmioAscend
mmioClose
PlaySoundA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
wsock32
WSASetLastError
getsockname
WSACleanup
getservbyname
connect
recv
send
gethostname
socket
WSAGetLastError
WSAStartup
htonl
htons
bind
sendto
inet_ntoa
accept
WSAAsyncSelect
inet_addr
gethostbyname
ioctlsocket
closesocket
ntohs
recvfrom
setsockopt
Sections
- UPX0 (Size: 15.5MB - Virtual size: 15.5MB): IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE