baaa3c00e25ab856f865c71fc990bc3b7b30f18a14e198ae6b3f5ff736e89cdb

Sharing

Copy URL Twitter E-mail

General

Target

baaa3c00e25ab856f865c71fc990bc3b7b30f18a14e198ae6b3f5ff736e89cdb
Size

6.3MB
MD5

7d596b053f7c03ef8a4225312590dfc5
SHA1

f884b662bb372e5144e82bfc39bc44c7943e0a8d
SHA256

baaa3c00e25ab856f865c71fc990bc3b7b30f18a14e198ae6b3f5ff736e89cdb
SHA512

e2b9309a72954597385638f620fb6d43b216b90bb71e856563069b79e08f031a78fa6976a56bacc625c6632232c9d127e2a5be3c316ba41d414f59185332319b
SSDEEP

98304:lwyM28LEcpvzQrAD+xmieoltv4EHnfRqMBE4Z4T/SWDSTH8viXRESDLYb:l+1rQrAXiVRqMHwSWDwYWRY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baaa3c00e25ab856f865c71fc990bc3b7b30f18a14e198ae6b3f5ff736e89cdb

Files

baaa3c00e25ab856f865c71fc990bc3b7b30f18a14e198ae6b3f5ff736e89cdb
.exe windows:6 windows x86

9093bfd3817812febbff8c60682b2fe9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
RaiseException
SetUnhandledExceptionFilter
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
OpenThread
GetThreadContext
OpenProcess
GlobalMemoryStatusEx
GetSystemInfo
GetLocalTime
VirtualQuery
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LocalAlloc
LocalFree
FormatMessageA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
K32GetProcessMemoryInfo
GlobalUnlock
GlobalLock
lstrlenW
SetLastError
lstrcpynA
HeapAlloc
HeapFree
GetProcessHeap
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
MulDiv
GetSystemTimeAsFileTime
GetTickCount
ExitThread
TerminateThread
GetExitCodeThread
ResumeThread
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateFileA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapSize
HeapReAlloc
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
WriteFile
GetStdHandle
GetModuleFileNameW
FreeLibraryAndExitThread
CreateThread
SetConsoleCtrlHandler
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
CreateDirectoryA
GetCurrentDirectoryA
CreateEventA
Sleep
WaitForSingleObject
SetEvent
WriteConsoleW
CloseHandle
GetDriveTypeW
CreateFileW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InitializeSListHead
GetStartupInfoW
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetModuleHandleW
SetEndOfFile
LCMapStringEx
MultiByteToWideChar
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WideCharToMultiByte
WaitForSingleObjectEx
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery

user32

SetTimer
MessageBoxA
DialogBoxIndirectParamA
EndDialog
GetDlgItem
SendMessageA
SendDlgItemMessageA
SetFocus
GetClientRect
OffsetRect
GetWindowLongA
SetWindowLongA
SetDlgItemTextA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
CallWindowProcA
PeekMessageA
DeleteMenu
GetMenu
KillTimer
GetDC
LoadIconA
LoadMenuA
DestroyMenu
EnableMenuItem
GetSubMenu
TrackPopupMenu
ClientToScreen
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
PostQuitMessage
RegisterClassExA
CreateWindowExA
DestroyWindow
ShowWindow
MoveWindow
DialogBoxParamA
UpdateWindow
BeginPaint
EndPaint
LoadCursorA
GetWindowTextLengthA
GetWindowRect
MsgWaitForMultipleObjects

gdi32

CreateFontA
GetStockObject
GetDeviceCaps

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal

winmm

timeGetTime

ws2_32

WSARecv
WSACloseEvent
WSAEnumNetworkEvents
WSAEventSelect
WSASetEvent
WSAWaitForMultipleEvents
WSACreateEvent
WSASend
WSAIoctl
WSASocketW

dbghelp

SymGetLineFromAddr64
MiniDumpWriteDump
SymGetTypeFromName
UnDecorateSymbolName
StackWalk64
SymSetOptions
SymCleanup
SymFunctionTableAccess64
SymGetModuleBase64
SymEnumSymbols
SymInitialize
SymSetContext
SymFromAddr
SymGetTypeInfo

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9093bfd3817812febbff8c60682b2fe9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

winmm

ws2_32

dbghelp

Sections

.text Size: 388KB - Virtual size: 388KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 208KB - Virtual size: 208KB

UPX0 Size: 2.0MB - Virtual size: 2.0MB

UPX1 Size: 4KB - Virtual size: 4KB

UPX2 Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.l1 Size: 13KB - Virtual size: 13KB

.text
Size: 388KB - Virtual size: 388KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 208KB - Virtual size: 208KB

UPX0
Size: 2.0MB - Virtual size: 2.0MB

UPX1
Size: 4KB - Virtual size: 4KB

UPX2
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.l1
Size: 13KB - Virtual size: 13KB