650eaea3257af2dd291205b124a0d973c83cebcfd2f1da7d7658987b5c070e66

Sharing

Copy URL Twitter E-mail

General

Target

650eaea3257af2dd291205b124a0d973c83cebcfd2f1da7d7658987b5c070e66
Size

13.4MB
MD5

1f5b5ad7e042636ac6ba85eb3faea9be
SHA1

8bc5063b331aed912cd99d9437670655f8e2c9d4
SHA256

650eaea3257af2dd291205b124a0d973c83cebcfd2f1da7d7658987b5c070e66
SHA512

17ad7fe350c3839b50408ea3b1f3a61b6cc5e7736ff91167b682bc914f6201eaaf2ac69c931112941a8f84e4aea170ab2b289daf924bea9cbbf0051e43fe3062
SSDEEP

196608:4DCsOl1xELPLhdIBhhXa2lgLmtrAxGEqAINDG+sgf+T4NBZzhJPKb:4s1qP3sLXa2lMDxTatf3Nj

Score

8^/10

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
650eaea3257af2dd291205b124a0d973c83cebcfd2f1da7d7658987b5c070e66

Files

650eaea3257af2dd291205b124a0d973c83cebcfd2f1da7d7658987b5c070e66
.exe windows:6 windows x64

d6bdbd0c7f668631c18b656be9487693

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindNextFileW
GetFileAttributesW
GetLastError
SetLastError
CreatePipe
GetCurrentProcess
GetExitCodeProcess
CreateProcessW
GetSystemInfo
VirtualQuery
GetModuleFileNameW
GetModuleHandleW
GlobalFlags
MultiByteToWideChar
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
ResetEvent
GlobalDeleteAtom
GlobalAddAtomW
GetSystemTimeAsFileTime
GetLocalTime
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
WriteFile
SetFilePointerEx
SetFilePointer
ReadFile
CreateFileW
MoveFileW
WriteConsoleW
SetEndOfFile
HeapSize
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
ExitProcess
FindFirstFileExW
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
GetCommandLineW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStdHandle
GetCommandLineA
GetModuleHandleExW
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
VirtualProtect
FreeLibrary
FindResourceW
SizeofResource
LockResource
LoadResource
FreeResource
GetTickCount
GetCurrentThreadId
DebugBreak
MulDiv
GlobalFree
WideCharToMultiByte
VirtualFreeEx
WriteProcessMemory
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualFree
IsDebuggerPresent
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteFileW
LoadLibraryW
GetProcAddress
Sleep
OpenProcess
TerminateProcess
GetCurrentProcessId
CloseHandle
SetThreadContext
GetThreadContext
CreateProcessA
LoadLibraryA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
GetModuleHandleA
ExitThread
GetStartupInfoW
VirtualAlloc
FlushFileBuffers
GlobalAlloc
ResumeThread
SetThreadPriority
CreateThread
CreateEventW
WaitForSingleObject
SetEvent
GetTimeZoneInformation
WritePrivateProfileStringW
SetCurrentDirectoryW
LCMapStringW
GetPrivateProfileStringW
DeleteCriticalSection
GlobalLock
GlobalUnlock
IsValidCodePage

user32

RegisterHotKey
UnregisterHotKey
MonitorFromWindow
EnumWindows
wsprintfW
LoadIconW
GetParent
GetWindowLongPtrW
SetPropW
CreateWindowExW
GetClassInfoW
RegisterClassW
DefWindowProcW
WaitForInputIdle
RemovePropW
GetPropW
GetDesktopWindow
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
SendMessageW
LoadStringW
ReleaseDC
GetDC
PtInRect
PeekMessageW
LoadCursorW
MessageBoxA
GetWindowThreadProcessId
DispatchMessageW
TranslateMessage
GetMessageW
GetFocus
GetActiveWindow
SetFocus
SetWindowLongW
GetWindowLongW
FindWindowW
MessageBoxW
ShowWindow
DestroyWindow
IsWindow
GetWindowInfo
LoadImageW

gdi32

GetObjectW
SetDIBColorTable
CreateDIBSection
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateCompatibleDC

advapi32

StartServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
RegQueryValueExA
RegOpenKeyExA
RegQueryValueW
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
OpenServiceW

shell32

DragFinish
DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW

ole32

CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create

hpsocket_u

HP_Create_TcpPackClient
HP_Destroy_TcpPackClient

libcurl

curl_global_init
curl_easy_init
curl_easy_setopt
curl_slist_free_all
curl_easy_perform
curl_slist_append
curl_easy_pause
curl_easy_cleanup
curl_global_cleanup

deelxtoolexx64

DeelxTool_Create
DeelxTool_CopyConstruct
DeelxTool_Destory
DeelxTool_GetMatchText
DeelxTool_IsMatch
DeelxTool_MatchNext
DeelxTool_Match

xcgui

XShapeText_SetText
XShapePic_SetImage
XC_GetDefaultFont
XEle_GetWidth
XEle_GetHeight
XEle_EnableTopmost
XEle_SetUserData
XEle_GetUserData
XEle_SetCapture
XShape_GetHeight
XDraw_SetBrushColor
XDraw_SetTextAlign
XDraw_SetFont
XDraw_EnableSmoothingMode
XDraw_FillRect
XDraw_DrawRect
XDraw_DrawLine
XEle_SetPosition
XAnima_Move
XDraw_DrawArc
XDraw_SetLineWidth
XDraw_FillEllipse
XC_SetDefaultFont
XBtn_GetState
XBtn_GetGroupID
XBtn_GetText
XBtn_SetIcon
XAdListView_Create
XAdListView_Group_AddColumn
XAdListView_Group_AddItemText
XAdListView_Group_SetTextEx
XAdListView_Group_SetImageEx
XAdListView_Item_AddColumn
XAdListView_Item_AddItemTextEx
XAdListView_Item_SetTextEx
XEdit_EnableAutoWrap
XEdit_EnableMultiLine
XEdit_EnablePassword
XEdit_SetPasswordCharacter
XEdit_SetTextAlign
XEle_SetCursor
XEle_EnableMouseThrough
XEle_EnableSwitchFocus
XEle_SetRect
XEle_SetRectLogic
XEle_GetRectLogic
XEle_SetTextColor
XEle_GetChildByIndex
XEle_SetPadding
XEle_SetMaxSize
XEle_RedrawRect
XShape_GetRect
XEle_AddBkFill
XEle_AddBkImage
XEle_ClearBkInfo
XFont_CreateEx
XFont_EnableAutoDestroy
XImage_SetTranColor
XLayoutBox_SetAlignH
XLayoutBox_SetSpace
XLayoutBox_SetSpaceRow
XListBox_SetItemTemplateXML
XListBox_GetTemplateObject
XListView_BindAdapter
XListView_SetItemTemplateXML
XListView_GetTemplateObject
XListView_EnableMultiSel
XListView_SetColumnSpace
XListView_SetRowSpace
XListView_SetItemSize
XListView_GetItemSize
XListView_SetGroupHeight
XListView_GetGroupHeight
XListView_Group_GetCount
XListView_Item_GetCount
XListView_Item_GetTextEx
XRes_GetBkM
XSView_SetTotalSize
XSView_SetScrollBarSize
XShape_GetWidth
XShapeText_Create
XShapeText_SetTextAlign
XWnd_SetXCTimer
XWidget_LayoutItem_EnableWrap
XWidget_LayoutItem_SetWidth
XWidget_LayoutItem_SetHeight
XWidget_LayoutItem_SetMargin
XObj_SetTypeEx
XProgBar_EnableShowText
XWidget_GetUID
XWidget_GetName
XDraw_SetLineWidthF
XDraw_DrawEllipse
XDraw_ImageEx
XDraw_ImageAdaptive
XDraw_TextOutEx
XEle_GetPosition
XEle_SetSize
XAnima_ScaleSize
XAnimaScale_SetPosition
XEle_SetBkInfo
XDraw_ImageMaskEllipse
XImage_SetScaleSize
XEle_SetZOrder
XC_GetTextShowRect
XC_LoadLayoutZipMem
XSvg_SetRotateAngle
XDraw_TextOut
XDraw_DrawText
XImage_SetDrawType
XImage_LoadMemory
XInitXCGUI
XC_LoadStyleZipMem
XC_LoadResourceZipMem
XWidget_SetName
XWidget_SetUID
XWidget_SetID
XWnd_SetTransparentType
XSView_Create
XProgBar_SetPos
XProgBar_SetRange
XListView_Create
XListBox_Create
XLayout_Create
XEle_SetToolTip
XEle_DrawEle
XEle_GetStateFlags
XEle_AddBkBorder
XEle_SetHeight
XEle_SetWidth
XEle_GetRect
XEle_IsEnable
XEle_Create
XEdit_GetLength
XEdit_GetText
XEdit_SetText
XEdit_Create
XComboBox_GetState
XComboBox_Create
XBtn_SetText
XBtn_SetTextAlign
XBtn_SetGroupID
XBtn_SetState
XBtn_Create
XWidget_IsShow
_XEle_RemoveEvent
_XEle_RegEvent
_XWnd_RemoveEvent
_XWnd_RegEvent
XShape_SetSize
XWidget_GetID
XShapeText_SetTextColor
XEle_Enable
XEdit_EnableReadOnly
XBtn_SetCheck
XBtn_IsCheck
XWidget_Show
XC_EnableAutoDPI
XDraw_D2D_Clear
XC_LoadLayout
XAnima_Start
XAnima_Stop
XAnima_Rotate
XAnima_Create
XAnima_Release
XAnima_Run
XSvg_Release
XSvg_SetPosition
XSvg_LoadStringW
XDraw_DrawSvgSrc
XDraw_ImageSuper
XWnd_Show
XWnd_KillXCTimer
XWnd_MaxWindow
XWnd_SetTop
XWnd_SetRect
XWnd_GetRect
XWnd_AdjustLayout
XWnd_GetDrawRect
XWnd_SetBorderSize
XWnd_DrawWindow
XWnd_Redraw
XWnd_GetHWND
XShape_Destroy
XEle_SetBkManager
XRes_GetFont
XRes_GetColor
XRes_GetImage
XImage_EnableAutoDestroy
XImage_SetDrawTypeAdaptive
XImage_LoadFile
XEle_AdjustLayout
XEle_Destroy
XEle_Redraw
XEle_GetWndClientRect
XObj_GetTypeBase
XExitXCGUI
XRunXCGUI
XC_GetObjectByName
XC_IsShape
XC_IsHELE
XEle_EnableBkTransparent
XC_GetObjectByUID

ws2_32

WSAAsyncSelect
socket
send
select
recv
listen
inet_ntoa
htons
htonl
getpeername
ioctlsocket
connect
closesocket
bind
accept
WSACleanup
WSAStartup

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipDrawImageRectI
GdipSetCompositingMode
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight

Exports

Exports

??0CMD5@@QEAA@XZ
??0CRC4@@QEAA@XZ
??1CMD5@@QEAA@XZ
??1CRC4@@QEAA@XZ
??4CMD5@@QEAAAEAV0@AEBV0@@Z
??4CRC4@@QEAAAEAV0@AEBV0@@Z
?CalcHash@CMD5@@QEAA_NPEAEH0@Z
?DecryptData@CRC4@@QEAA_NPEAEH0H@Z
?EncryptData@CRC4@@QEAA_NPEAEH0H@Z
?GetBaseData@CMD5@@QEAAXPEAE@Z
?HashDigestSize@CMD5@@QEAAIXZ
?InitHash@CMD5@@QEAA_NPEAE@Z
?InitKey@CRC4@@QEAA_NPEAEH@Z
?InitStateAndTemp@CRC4@@AEAAXXZ
?KeyMaxSize@CRC4@@QEAAIXZ
?KeyMinSize@CRC4@@QEAAIXZ
?KeyStream@CRC4@@AEAAXH@Z
?Md5Calc@CMD5@@AEAAXXZ
?RangeState@CRC4@@AEAAXXZ
?SetBaseData@CMD5@@AEAAXPEAE@Z
?SetCalcData@CMD5@@AEAAXPEAE@Z
?SetKey@CRC4@@AEAA_NPEAEH@Z

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6bdbd0c7f668631c18b656be9487693

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

hpsocket_u

libcurl

deelxtoolexx64

xcgui

ws2_32

ntdll

gdiplus

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 370KB - Virtual size: 370KB

.data Size: 2.0MB - Virtual size: 2.1MB

.pdata Size: 46KB - Virtual size: 46KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 9.7MB - Virtual size: 9.7MB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 370KB - Virtual size: 370KB

.data
Size: 2.0MB - Virtual size: 2.1MB

.pdata
Size: 46KB - Virtual size: 46KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 9.7MB - Virtual size: 9.7MB

.reloc
Size: 11KB - Virtual size: 10KB