f6285014cc7c5147c212a42777bef8f2

Sharing

Copy URL

Twitter E-mail

General

Target

f6285014cc7c5147c212a42777bef8f2
Size

295KB
MD5

f6285014cc7c5147c212a42777bef8f2
SHA1

8b0222f95232a250e4b5112fb1ccf73e0d5b57cb
SHA256

e25361e941919185c9d91bb0e89c6013ae6764b0be8617b20e757315d82a2249
SHA512

7149fb6de210a22f91a9a32efc9b6ef257a117b1cd0ab8e3da5eb1a4b4184023fa94add544bd5796f0d193ad04f1f9c78999ba838e09b477234fcaf637433531
SSDEEP

6144:lizlam4TnZKzNGS76zJiLMg26irsQQzmQU4+an7eWyqsm:wzlamcnZu4keJNg26ioQQzmQuaX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6285014cc7c5147c212a42777bef8f2

Files

f6285014cc7c5147c212a42777bef8f2
.dll regsvr32 windows:4 windows x86 arch:x86

2ef3e5879f41c28722e0cb2dcf813c4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
LocalFree
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetVersionExA
GetCurrentProcessId
TerminateThread
FindResourceA
DeleteFileA
Sleep
QueryPerformanceCounter
GetTickCount
lstrlenA
GetShortPathNameA
GetModuleFileNameA
MultiByteToWideChar
lstrlenW
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyA
lstrcatA
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
QueryPerformanceFrequency

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegEnumValueA
RegCreateKeyExA

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Draw
ImageList_LoadImageA
ImageList_Create

gdi32

CreateBitmap
CreatePatternBrush
CreateDIBSection
SetBkColor
SetBrushOrgEx
SetTextColor
SetBkMode
CreateFontA
CreateFontIndirectA
EnumFontFamiliesExA
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
PatBlt
DeleteDC

msvcp60

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

msvcrt

wcslen
_itoa
realloc
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
wcscpy
_CxxThrowException
wcstod
free
memset
exit
time
localtime
mktime
difftime
strtok
_purecall
wcstol
??3@YAXPAX@Z
memmove
__CxxFrameHandler
memcpy
memcmp
??2@YAPAXI@Z

ole32

ReleaseStgMedium
RegisterDragDrop
OleRun
CoUninitialize
CoInitialize
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance

oleaut32

VariantInit
SysAllocStringByteLen
DispCallFunc
LoadRegTypeLi
VariantClear
SysStringLen
SysAllocStringLen
LoadTypeLi
RegisterTypeLi
SysAllocString
SysFreeString
SysStringByteLen
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
VariantChangeType
GetErrorInfo
SafeArrayCreate

olepro32

ord253

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

user32

AppendMenuA
TranslateMessage
DispatchMessageA
CheckMenuRadioItem
GetComboBoxInfo
SetActiveWindow
MoveWindow
DrawFrameControl
DrawEdge
ShowWindow
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
GetWindowLongA
GetWindow
SetWindowLongA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
CharNextA
GetSysColor
SetFocus
FrameRect
InflateRect
OffsetRect
GetSysColorBrush
GetMenuItemInfoA
UpdateWindow
CallNextHookEx
GetSystemMetrics
DrawTextA
CreatePopupMenu
GetWindowDC
SystemParametersInfoA
SetRectEmpty
IsWindowVisible
UnhookWindowsHookEx
SetWindowsHookExA
DestroyMenu
LoadImageA
CopyRect
SetCursor
GetKeyState
GetWindowRect
MapWindowPoints
TrackPopupMenu
ScreenToClient
GetMessagePos
CreateWindowExA
wsprintfA
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
GetClientRect
SetWindowPos
CallWindowProcA
DestroyWindow
SendMessageA
ReleaseCapture
CreateAcceleratorTableA
GetDC
ReleaseDC
GetDesktopWindow
IsWindow
BeginPaint
FillRect
EndPaint
GetFocus
MessageBoxA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 200KB - Virtual size: 204KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2ef3e5879f41c28722e0cb2dcf813c4e

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

msvcp60

msvcrt

ole32

oleaut32

olepro32

shell32

urlmon

user32

Exports

Exports

Sections

UPX0 Size: 200KB - Virtual size: 204KB

UPX1 Size: 75KB - Virtual size: 76KB

.rsrc Size: 15KB - Virtual size: 15KB

UPX0
Size: 200KB - Virtual size: 204KB

UPX1
Size: 75KB - Virtual size: 76KB

.rsrc
Size: 15KB - Virtual size: 15KB