1893c6f2102dd2fddbfa7a7fc4024cabccb3285185d7895a4cb6482deb88a9a5

Sharing

Copy URL

Twitter E-mail

General

Target

1893c6f2102dd2fddbfa7a7fc4024cabccb3285185d7895a4cb6482deb88a9a5
Size

2.0MB
MD5

d42b2d445d5f4648084b34fde96709fc
SHA1

a004de2779ac91351fac94356653b3670034eb5f
SHA256

1893c6f2102dd2fddbfa7a7fc4024cabccb3285185d7895a4cb6482deb88a9a5
SHA512

e1f1d53b5f7be4551bf3c363131f6fac80de6c94c6625c12806e9d962079e6eb8e0b69c7d81e26bbaa5b771eecf70b44c4425b2ae4cfafb0f8b88bf4ccdafa99
SSDEEP

49152:94lGFz+1n2HgkNBa2vpEieIzoJ5vkkcOgTSx9NGjBqZH:9Mo6lajNc2i1jTvxhoE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1893c6f2102dd2fddbfa7a7fc4024cabccb3285185d7895a4cb6482deb88a9a5

Files

1893c6f2102dd2fddbfa7a7fc4024cabccb3285185d7895a4cb6482deb88a9a5
.exe windows:4 windows x86

c1e9fb1f371818d556d6910229f387be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AbortSystemShutdownW
CreateRestrictedToken
AllocateAndInitializeSid
OpenProcessToken
CreateProcessWithLogonW
CreateProcessAsUserW
AdjustTokenPrivileges
SetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
GetTokenInformation
StartServiceW
OpenServiceW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
LookupAccountSidW
RegCloseKey
RegCreateKeyExW
ChangeServiceConfig2W
ChangeServiceConfigW
InitiateSystemShutdownW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExA
RegOpenKeyExA
SetNamedSecurityInfoW
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoW
RegUnLoadKeyW
RegLoadKeyW
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptGetProvParam
CryptEnumProviderTypesW
CheckTokenMembership
SetServiceStatus
ControlService
DeleteService
FreeSid

gdi32

GetBkColor
StretchBlt
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
RemoveFontResourceW
AddFontResourceW
GetStockObject
SetBkMode
DeleteObject
SelectObject
DeleteDC
GetDeviceCaps
Rectangle
MoveToEx
LineTo
GetTextMetricsW
Polyline
CreateBitmap
CreateEllipticRgn
CreatePen
Ellipse
SetDIBits
SetPixel
SetBkColor
ExtTextOutW
GetPixel
CreateFontW
CreateRectRgn
CombineRgn
SelectPalette
RealizePalette
GetDIBits
CreateDCW
SetTextColor

kernel32

SetNamedPipeHandleState
CreateNamedPipeA
SetFilePointer
DuplicateHandle
CreatePipe
CreateThread
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpi
lstrcmp
LocalFree
GetVersionExW
CreateMutexA
WideCharToMultiByte
CreateFileA
GetFileSizeEx
DeleteFileW
VirtualFree
TlsSetValue
WriteConsoleW
TlsGetValue
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
SetCurrentDirectoryW
WinExec
WriteProcessMemory
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEnvironmentVariableW
ExpandEnvironmentStringsW
HeapReAlloc
GlobalMemoryStatusEx
LockResource
LoadResource
SizeofResource
FindResourceW
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThreadId
RemoveDirectoryW
GetProcessTimes
SetEndOfFile
GetLogicalDrives
FormatMessageW
QueryPerformanceCounter
SetConsoleWindowInfo
GetLargestConsoleWindowSize
GetVolumeNameForVolumeMountPointW
SetFilePointerEx
GetSystemTimeAsFileTime
DefineDosDeviceW
VirtualAlloc
QueryDosDeviceW
SetThreadPriority
GetCurrentThread
CopyFileW
WaitNamedPipeW
GlobalMemoryStatus
SleepEx
MoveFileW
MoveFileExW
OpenThread
TerminateThread
SetSystemPowerState
InterlockedExchange
GetACP
GetLocaleInfoA
LoadLibraryExW
RaiseException
FileTimeToSystemTime
SystemTimeToFileTime
ReleaseSemaphore
ResetEvent
DisconnectNamedPipe
GetVolumeInformationW
GetDiskFreeSpaceW
lstrcpy
lstrcpyn
GetHandleInformation
SetLocalTime
SetEnvironmentVariableA
GlobalAddAtomA
GetFileAttributesExW
DeleteVolumeMountPointW
GlobalUnWire
GlobalLock
CreateHardLinkW
VirtualProtect
GetConsoleWindow
SetConsoleScreenBufferSize
AllocConsole
GetFullPathNameW
FileTimeToLocalFileTime
LCMapStringA
GetSystemInfo
GetFileSize
EnumResourceNamesW
GetTempPathW
LCMapStringW
SetVolumeMountPointW
SetVolumeLabelW
GetLongPathNameW
GetTimeZoneInformation
LocalFileTimeToFileTime
GlobalDeleteAtom
Beep
GetFileInformationByHandle
SetFileAttributesW
SetFileTime
OpenEventW
FindFirstFileW
CreateNamedPipeW
CreateMailslotW
OpenMutexW
CreateSemaphoreW
OpenSemaphoreW
VirtualQueryEx
VirtualProtectEx
SetThreadContext
GetThreadContext
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
IsBadWritePtr
HeapCreate
HeapDestroy
MultiByteToWideChar
VirtualQuery
TlsFree
GetFileType
SetStdHandle
HeapSize
GetVersionExA
RtlUnwind
WriteFile
GetShortPathNameW
ConnectNamedPipe
GetOverlappedResult
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
GetExitCodeProcess
TerminateJobObject
GetCommandLineW
GetVersion
ReadProcessMemory
LoadLibraryW
WaitForSingleObject
ExitProcess
lstrcat
CreateDirectoryW
CreateProcessW
FindNextFileW
FlushFileBuffers
FindFirstVolumeW
CreateFileW
DeviceIoControl
FindNextVolumeW
FindVolumeClose
GetProcessAffinityMask
GetModuleHandleA
HeapFree
GetModuleFileNameW
IsBadCodePtr
CompareStringA
CompareStringW
SearchPathW
CreateFileMappingA
OpenFileMappingA
TerminateProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetErrorMode
GetStdHandle
GetProcessHeap
TlsAlloc
LoadLibraryA
GetProcAddress
CreateFiber
ConvertThreadToFiber
DeleteFiber
SwitchToFiber
GetLocaleInfoW
GetCurrentProcess
SetProcessWorkingSetSize
Sleep
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentProcessId
OpenFileMappingW
GetLastError
SetLastError
CreateMutexW
CreateEventW
CreateFileMappingW
MapViewOfFile
GetCurrentDirectoryW
SetEvent
FreeEnvironmentStringsW
OpenProcess
ReleaseMutex
HeapAlloc
lstrlen
lstrcpynW
lstrcatW
lstrcpyW
lstrcmpW
lstrcmpiW
FindClose
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
MulDiv
GetTickCount
GetStartupInfoW
FreeLibrary
lstrlenW
IsBadReadPtr

setupapi

CM_Get_Device_IDW
SetupDiClassNameFromGuidA
CM_Get_DevNode_Status
CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW
CM_Get_Parent
SetupDiOpenClassRegKey
SetupDiGetDeviceInfoListDetailW
CM_Get_DevNode_Status_Ex
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiClassGuidsFromNameW
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiClassNameFromGuidW
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiChangeState
SetupDiSetClassInstallParamsW
SetupDiDestroyDeviceInfoList

shell32

SHGetSpecialFolderPathW
SHChangeNotify
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHFileOperationW
DragAcceptFiles
ShellExecuteExW
SHGetSpecialFolderPathA
DragQueryFileW

shlwapi

StrCmpNA
StrPBrkW
StrCmpIW
wnsprintfW
StrStrA
PathMatchSpecW
StrToIntExW
StrCpyNW
StrStrW
StrStrIW
StrRChrW
StrChrW
StrCmpNW
StrCmpNIA
StrCmpNIW

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
_dllMain_Name@12
_mainB_@8
_mainW@16
_main_@4
main
main1
main5
mainB

Sections

UPX0
Size: 488KB - Virtual size: 488KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1e9fb1f371818d556d6910229f387be

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

setupapi

shell32

shlwapi

Exports

Exports

Sections

UPX0 Size: 488KB - Virtual size: 488KB

UPX1 Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 8KB - Virtual size: 8KB

.mackt Size: 16KB - Virtual size: 16KB

UPX0
Size: 488KB - Virtual size: 488KB

UPX1
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 8KB - Virtual size: 8KB

.mackt
Size: 16KB - Virtual size: 16KB