056901dbc4713fbff2d5db040fc07949

Sharing

Copy URL Twitter E-mail

General

Target

056901dbc4713fbff2d5db040fc07949
Size

312KB
MD5

056901dbc4713fbff2d5db040fc07949
SHA1

9817c173a32b2b89e5b148524538b79e76369a56
SHA256

1e3f9abb83b17f7a76600cf0db075d7c408a6eeaabd1203e326c8a4bfae7e5f2
SHA512

6f4fdc826e6f4e9d37660efabba1c0efd378b00b3bb0bf074bb263ce7726e41d6be47529dac936fde0c698ee78618ad55c869d2f3e94994c9acf9e5fac9ddc05
SSDEEP

6144:CMoufzbWua0EvvTbZonJfIcPyBwnj51aY0icQ1z86lMXp4O:R2T9AcQBblMh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
056901dbc4713fbff2d5db040fc07949

Files

056901dbc4713fbff2d5db040fc07949
.dll regsvr32 windows:4 windows x86 arch:x86

ebc1732937ee4709edaff8eadc0c97e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
FindFirstFileA
FindNextFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetExitCodeProcess
TerminateProcess
MulDiv
GetLocaleInfoA
GetVersion
GetLastError
lstrcmpA
FreeLibrary
lstrcpynA
lstrcpyA
lstrcatA
LoadLibraryA
GetProcAddress
WriteFile
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
CreateThread
ResumeThread
GetWindowsDirectoryA
lstrlenA
GetSystemDirectoryA
OpenFile
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetUserDefaultLangID
CopyFileA
DeleteFileA
GetModuleFileNameA
Sleep
GetVersionExA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyExA
RegDeleteValueA

crypt32

CertOpenSystemStoreA
CertCloseStore

gdi32

DeleteObject
GetDeviceCaps
SetPixel
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateSolidBrush
SetTextColor
SetBkColor
BitBlt

mfc42

msvcrt

srand
sprintf
__CxxFrameHandler
??1type_info@@UAE@XZ
_strcmpi
_wcsicmp
_strlwr
_CxxThrowException
atoi
rand
_mbscmp
realloc
strstr
printf
asctime
localtime
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_ftol
_adjust_fdiv
free
malloc
atof
time
fclose
fputs
fopen

ole32

CoInitialize
CoCreateInstance

oleaut32

olepro32

shell32

ShellExecuteA

shlwapi

SHDeleteKeyA

user32

FindWindowExA
CallWindowProcA
SetWindowLongA
SetForegroundWindow
GetDlgItemTextA
MessageBoxW
MessageBoxA
GetParent
PostMessageA
IsWindow
SetWindowTextA
EndDialog
SendMessageA
GetDlgItem
ShowWindow
SetDlgItemTextA
ReleaseDC
ScreenToClient
ClientToScreen
GetCursorPos
GetDesktopWindow
GetWindowRect
SetWindowPos
IsCharAlphaNumericA
wsprintfA
EnableWindow
GetSystemMetrics
DialogBoxParamA
GetDC
GetWindowDC

wininet

FtpFindFirstFileA
InternetWriteFile
FtpCreateDirectoryA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
FtpOpenFileA
InternetFindNextFileA
InternetOpenUrlA
InternetReadFile

ws2_32

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ebc1732937ee4709edaff8eadc0c97e4

Headers

File Characteristics

Imports

kernel32

advapi32

crypt32

gdi32

mfc42

msvcrt

ole32

oleaut32

olepro32

shell32

shlwapi

user32

wininet

ws2_32

Exports

Exports

Sections

UPX0 Size: 304KB - Virtual size: 304KB

.rsrc Size: 3KB - Virtual size: 4KB

.avc Size: 4KB - Virtual size: 4KB

UPX0
Size: 304KB - Virtual size: 304KB

.rsrc
Size: 3KB - Virtual size: 4KB

.avc
Size: 4KB - Virtual size: 4KB