4a6299bbcdd03211e3f4ea23ed9034ee

Sharing

Copy URL Twitter E-mail

General

Target

4a6299bbcdd03211e3f4ea23ed9034ee
Size

6.0MB
MD5

4a6299bbcdd03211e3f4ea23ed9034ee
SHA1

4321dd89962d0fee7d7628e8a799ca35d2943cf7
SHA256

acdf2dc517a148febb1c774e0e1d9577cac40d24c5849e6c2643e7440f3cfc83
SHA512

5369cec2740dcb9988c6b22aaf0df5f1ea12d9f3b7a256028a5d9b95b223f27e126f04b82b0f3e62b38ab0ab87af588f55b2d73ba7e48511f7bce94f851146ed
SSDEEP

98304:AiOe0FgAwUiROH5Hwjl4ecAGMUdaVelHxzINC7:bO1lqc5H0l43ueJO47

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a6299bbcdd03211e3f4ea23ed9034ee

Files

4a6299bbcdd03211e3f4ea23ed9034ee
.exe windows:4 windows x86 arch:x86

179171c5b5701170928efe019081282d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_controlfp
__set_app_type

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_BeginDrag
ImageList_DragMove
ImageList_Destroy
ImageList_EndDrag
ImageList_DragEnter
ImageList_Draw

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiGetClassImageList
SetupDiGetClassDevsW
SetupDiDestroyClassImageList
SetupDiGetClassDescriptionW
SetupDiGetClassImageIndex
SetupDiEnumDeviceInfo

kernel32

GetVersionExA
LocalAlloc
CallNamedPipeA
FormatMessageW
GetCurrentProcess
lstrcmpiW
FindFirstFileW
FindClose
FindResourceExW
CreateMutexW
CreateDirectoryW
HeapCreate
SetHandleCount
FormatMessageA
GetTempPathW
LocalFree
FreeLibrary
ReleaseSemaphore
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualAlloc
OutputDebugStringA
TerminateProcess
SetProcessAffinityMask
InitializeCriticalSection
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
CreateFileMappingW
GetLocaleInfoW
GetFileAttributesW
IsValidCodePage
SetCurrentDirectoryA
SetEnvironmentVariableW
CreateThread
GetFileType
GetStringTypeW
SetEvent
GetShortPathNameW
ReleaseMutex
lstrcpyW
InterlockedDecrement
LockFile
WaitForSingleObjectEx
DeleteFileA
InterlockedCompareExchange
GetStringTypeA
ClearCommBreak
CallNamedPipeW
AddAtomA
AddAtomW
BackupRead
GetStartupInfoA
GetCPInfo
GetSystemInfo
GetModuleHandleA
WinExec
PeekNamedPipe
GlobalFlags
ExitThread
FindNextFileA
UnhandledExceptionFilter
GlobalAlloc
SetThreadAffinityMask
VirtualQuery
EnterCriticalSection
LoadLibraryA
GetLogicalDrives
DeleteCriticalSection
MultiByteToWideChar
Sleep
LeaveCriticalSection
LoadResource
ResumeThread
GetVersionExW
CloseHandle
lstrcmpW
GlobalDeleteAtom
FreeResource
BackupWrite
BackupSeek
SetStdHandle
GetDriveTypeW
ReadConsoleW
WaitNamedPipeW
FindNextFileW
GetCurrentDirectoryW
GetStdHandle
CreateFileW
UnlockFileEx
GetACP
GetOEMCP
SetLastError
GetLastError
ExitProcess
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetVersion
CreateSemaphoreW

user32

RemovePropW
SetScrollPos
MapWindowPoints
SetPropW
DrawEdge
GetLastActivePopup
SetScrollInfo
SetDlgItemTextW
SetDlgItemInt
MoveWindow
CloseClipboard
ClientToScreen
CallNextHookEx
GetScrollRange
GetScrollPos
TrackPopupMenu
ScrollWindow
EndPaint
TrackPopupMenuEx
GetMenu
SetMenu
SetFocus
SetWindowPlacement
GetClassInfoW
DefWindowProcW
SetWindowPos
GetClassInfoExW
CheckRadioButton
BeginPaint
GetScrollInfo
GetWindowLongW
EmptyClipboard
SendMessageW
GetDC
GetMessageTime
GetActiveWindow
TranslateMessage
SetWindowLongW
DispatchMessageW
GetMessageW
CopyIcon
DestroyWindow
GetDlgItemTextW
SetCursor
DrawMenuBar
IsChild
EqualRect
EnumChildWindows
CreateMenu
ScreenToClient
OffsetRect
DrawFocusRect
GetNextDlgTabItem
GetDlgCtrlID
SetRect
GetFocus
GetWindowTextLengthW
WaitForInputIdle
CheckDlgButton
CallWindowProcW
ShowWindow
GetWindowPlacement
GetUpdateRect
IsWindow
ReleaseCapture
SetWindowsHookExW
GetKeyState
GetSubMenu
UnregisterClassW
WinHelpW
CopyRect
SetClipboardData
OpenClipboard
GetCursorPos
ValidateRect
ReleaseDC
WindowFromDC
GetWindow
WindowFromPoint
SendMessageTimeoutW
GetDesktopWindow
UpdateWindow
DeferWindowPos
MessageBoxW
GetWindowRect
SetActiveWindow
GetClientRect
RegisterClassW
ToUnicodeEx
LoadBitmapW
LockWindowUpdate
SetTimer

gdi32

StretchBlt
SetPixelV
CreatePen
CreateFontW
GetPixel
GetClipRgn
ExtTextOutW
GetStockObject
GetDeviceCaps
CreatePalette
SelectObject
SetBkColor
GetWindowExtEx
SetTextColor
CreateSolidBrush
SetGraphicsMode
SetMapMode
SetTextAlign
SetPolyFillMode
StartDocW
PolyDraw
SelectClipPath
SetViewportExtEx
SetViewportOrgEx
GetNearestColor
IntersectClipRect
GetTextExtentPointW
CreateHatchBrush
SetTextJustification
SetDIBitsToDevice
RoundRect
Polygon
GetBkColor
CreateRectRgn
TextOutW
CreateRectRgnIndirect
Escape
ExcludeClipRect
GetObjectType
GetClipBox
GetViewportExtEx
GetTextExtentPoint32W
RestoreDC
DeleteDC
DeleteObject
RectVisible
SaveDC
SelectClipRgn
SelectPalette
SetROP2
SetBkMode
RealizePalette
GetPolyFillMode

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA
RegQueryValueW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
RegOpenKeyW
SetFileSecurityW
IsTextUnicode
RegEnumKeyW
RegSetValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
QueryServiceStatus
RegEnumKeyExW
RegEnumValueW
LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExW
RegCloseKey
GetFileSecurityW
GetServiceDisplayNameW
RegOpenKeyExW

ole32

CoUninitialize
OleDraw
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
PropVariantCopy
OleInitialize
OleUninitialize
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
OleCreateLinkToFile
OleCreateFromFile
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleSetMenuDescriptor
StgOpenStorage
StgIsStorageFile
CreateFileMoniker
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
CreateStreamOnHGlobal
CreateItemMoniker
OleCreate
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
GetRunningObjectTable
CreateOleAdviseHolder
CreateDataAdviseHolder
GetHGlobalFromILockBytes
OleGetIconOfClass
OleSetContainedObject
OleSaveToStream
OleSave
OleLoad
OleCreateFromData
ReadFmtUserTypeStg
OleRun
OleCreateStaticFromData
OleCreateLinkFromData
CoTaskMemFree
CoTaskMemAlloc
OleRegGetUserType
SetConvertStg
ReleaseStgMedium
StgCreateDocfile
OleDuplicateData
CoCreateInstance
CoDisconnectObject
CoFreeUnusedLibraries
CoGetClassObject
CoGetMalloc
CoInitialize
StgOpenStorageOnILockBytes
StringFromCLSID
StringFromGUID2
WriteClassStm
WriteFmtUserTypeStg
CreateGenericComposite

shlwapi

PathRemoveFileSpecW
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA

Sections

.text
Size: 421KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 14.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: 641KB - Virtual size: 641KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

179171c5b5701170928efe019081282d

Headers

File Characteristics

Imports

msvcrt

comctl32

version

setupapi

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

shlwapi

Sections

.text Size: 421KB - Virtual size: 420KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 14.1MB

UPX0 Size: 641KB - Virtual size: 641KB

.rsrc Size: 4.9MB - Virtual size: 4.9MB

.text
Size: 421KB - Virtual size: 420KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 14.1MB

UPX0
Size: 641KB - Virtual size: 641KB

.rsrc
Size: 4.9MB - Virtual size: 4.9MB