3120e9677a5d6915456fb7aaa7239ba8

Sharing

Copy URL

Twitter E-mail

General

Target

3120e9677a5d6915456fb7aaa7239ba8
Size

189KB
MD5

3120e9677a5d6915456fb7aaa7239ba8
SHA1

23d273ad45a16fca0d74b7d37a6aa956b8ce4807
SHA256

26daf4c7e0033f9055150b61904046545299c97f4c2274c7bd5fd0978ce98cef
SHA512

4f3fb7892e9112254b5cde809b8c4969100d9300168c246d6fdcf892bb807a89f6c1b124b00790cf80dfaad289fe01a74a0419b149ff1bc540473b49247bba7d
SSDEEP

3072:GvNirQr2OrelD/D/uTWu1wb70I6CFIBEbchImEjftyODf7vE6ZoOd:XtweVunM7XRMXETtY6O8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3120e9677a5d6915456fb7aaa7239ba8

Files

3120e9677a5d6915456fb7aaa7239ba8
.exe windows:2 windows x86 arch:x86

8e96622940c5c21968d880746dfd6663

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
OutputDebugStringW
OutputDebugStringA
lstrlenW
GetModuleHandleW
GetCurrentProcess
InterlockedDecrement
SetLastError
lstrcmpiW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
ReleaseMutex
SetEvent
Sleep
CreateMutexA
WaitForMultipleObjects
CreateEventA
CreateFileA
CreateProcessA
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetOverlappedResult
GlobalFree
CloseHandle
DeviceIoControl
CreateFileW
GetVersionExW
GlobalAlloc
GetLastError
WaitForSingleObject
GetConsoleMode
SetFilePointer
InterlockedIncrement
GetCPInfo
RtlUnwind
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetCommandLineA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
ExitProcess
VirtualFree
HeapCreate
GetStdHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsSetValue
VirtualAlloc
GetSystemTime

user32

CharNextW
IsWindow
PostMessageW
CharUpperW

winspool.drv

GetPrinterW
GetPrinterDataW
EnumPrintersW
GetPrinterDriverW
EnumPrinterDriversW
ClosePrinter
XcvDataW
OpenPrinterW
SetPrinterW
EnumPortsW

advapi32

RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
IsTextUnicode

ole32

CoCreateInstance
CoUninitialize
CoGetObject
StringFromGUID2

shlwapi

StrToIntExW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceRegKey
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

cmutil

GetOSVersion

tapi32

lineBlindTransfer
lineBlindTransferW
internalCreateDefLocation
lineAddToConference
lineGetIconW
lineSetQueueMeasurementPeriod
MMCAddProvider
phoneGetHookSwitch
lineGetCountryA
lineHandoff
lineCompleteCall
lineSetAgentMeasurementPeriod
MMCGetLineInfo
lineGetProviderListA
lineGatherDigitsA
lineConfigDialogEditA
lineGetAddressStatusA
phoneConfigDialog
lineGetStatusMessages
phoneGetIconW
phoneGetID
lineInitializeExW
phoneGetDevCapsW
MMCGetDeviceFlags
lineGetAddressCapsW
MMCGetProviderList
lineGetAgentCapsW
phoneSetRing
lineParkA
MMCGetPhoneInfo
lineRemoveFromConference
lineInitialize
lineGatherDigitsW
lineGenerateDigitsA
phoneSetVolume
LocWizardDlgProc
lineTranslateDialog
tapiGetLocationInfoW
lineGetAgentGroupListW
phoneGetIDW

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 3KB - Virtual size: 31KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 512B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e96622940c5c21968d880746dfd6663

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

ole32

shlwapi

setupapi

cmutil

tapi32

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 5KB - Virtual size: 4KB

UPX0 Size: 3KB - Virtual size: 31KB

UPX1 Size: 512B - Virtual size: 15KB

.data Size: 140KB - Virtual size: 281KB

UPX2 Size: 512B - Virtual size: 49KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 8KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 5KB - Virtual size: 4KB

UPX0
Size: 3KB - Virtual size: 31KB

UPX1
Size: 512B - Virtual size: 15KB

.data
Size: 140KB - Virtual size: 281KB

UPX2
Size: 512B - Virtual size: 49KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 8KB