416f5535ffd00179b7428812a2fcfadf

Sharing

Copy URL Twitter E-mail

General

Target

416f5535ffd00179b7428812a2fcfadf
Size

493KB
MD5

416f5535ffd00179b7428812a2fcfadf
SHA1

bb4b4f04ba98ed851d43bf6a41cfa08be9edf477
SHA256

24906c6f0998dfdff7637758ea8c724fbfad0b3397f953ba4eb3c7face9fbf1e
SHA512

23ee50c19c01bc7a4a163b5de367161f5ec421308eb5001702d67ebc6361ebad2a55b656db84af2822349ea31e4a58fed39e3c56f8d4e1978ac93803c44e7abe
SSDEEP

12288:345jYWsFGfqBeL1YuicgyyQpoPOEtgE9gFK:345jPrAu19gMpoP6E9gFK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
416f5535ffd00179b7428812a2fcfadf

Files

416f5535ffd00179b7428812a2fcfadf
.exe windows:4 windows x86 arch:x86

1d9832f3d5c580242b03037a0642e1af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
CreateEventA
WaitForSingleObject
SetEvent
GetFileSize
EnterCriticalSection
SetEndOfFile
ReadFile
SetFilePointer
WriteFile
SetFileTime
lstrlenA
GetProcAddress
LoadLibraryA
GetLastError
CreateMutexA
GetExitCodeProcess
CreateProcessA
WritePrivateProfileStringA
GetWindowsDirectoryA
MoveFileExA
GetVersion
GetSystemTime
TerminateProcess
OpenProcess
GetComputerNameA
GetLocaleInfoA
GlobalMemoryStatus
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
GetThreadPriority
SetPriorityClass
GetPriorityClass
GetCurrentProcess
ExpandEnvironmentStringsA
Sleep
GetSystemDirectoryA
GetCurrentThreadId
MulDiv
FlushInstructionCache
CopyFileA
LocalFree
FormatMessageA
WideCharToMultiByte
lstrlenW
FreeResource
GlobalFree
GlobalHandle
LockResource
LoadResource
FindResourceA
GlobalAlloc
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
FindFirstFileA
OpenFileMappingA
SizeofResource
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
FileTimeToLocalFileTime
SetEnvironmentVariableA
GetLocaleInfoW
SetConsoleCtrlHandler
SetStdHandle
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsGetValue
SetLastError
TlsFree
TlsAlloc
HeapSize
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
FatalAppExitA
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
ExitProcess
GetLocalTime
GetTimeZoneInformation
HeapFree
ExitThread
TlsSetValue
CreateThread
RaiseException
RtlUnwind
InterlockedExchange
FindNextFileA
FindClose
CreateDirectoryA
GetFileAttributesA
GetEnvironmentVariableA
GetCurrentThread
GetThreadContext
SetCurrentDirectoryA
IsBadReadPtr
VirtualQuery
CreateFileMappingA
MapViewOfFile
GetModuleFileNameA
UnmapViewOfFile
SystemTimeToFileTime
FileTimeToSystemTime
lstrcatA
GetTempPathA
GetTempFileNameA
lstrcpyA
CreateFileA
CloseHandle
FreeLibrary
lstrcmpA
DeleteFileA

advapi32

GetUserNameA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

gdi32

GetDeviceCaps
DeleteObject
CreateFontA
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
GetStockObject
GetObjectA

ole32

OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoCreateGuid
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

setupapi

SetupIterateCabinetA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

user32

FindWindowA
GetWindowThreadProcessId
PostMessageA
GetSystemMetrics
wsprintfA
ReleaseDC
GetDC
MoveWindow
ScreenToClient
GetParent
SendMessageA
BeginPaint
RedrawWindow
GetClassNameA
GetDesktopWindow
CreateAcceleratorTableA
ReleaseCapture
SetCapture
InvalidateRgn
MapWindowPoints
SystemParametersInfoA
SetForegroundWindow
GetWindowRect
GetClientRect
MessageBoxA
EnumChildWindows
PeekMessageA
CharNextA
CharUpperA
CharLowerA
CharUpperW
CharLowerW
CreateWindowExA
IsWindow
FillRect
EndPaint
CallWindowProcA
GetFocus
IsChild
GetSysColor
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
GetWindow
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
CreateDialogIndirectParamA
DestroyWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
LoadIconA
RegisterClassExA
PostQuitMessage
SetWindowLongA
CreateDialogParamA
EnableWindow
ShowWindow
SetWindowPos
SetFocus
SetWindowTextA
SetTimer
KillTimer
EndDialog
GetDlgItem
GetActiveWindow
DialogBoxParamA
InvalidateRect

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

timeGetTime

wsock32

WSACleanup
gethostbyname
gethostname
WSAStartup
recv
send
getsockopt
getsockname
getpeername
accept
listen
inet_addr
inet_ntoa
connect
WSAGetLastError
socket
closesocket
shutdown
bind
htonl
htons
setsockopt

Sections

UPX0
Size: 476KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1d9832f3d5c580242b03037a0642e1af

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

ole32

oleaut32

setupapi

shell32

user32

version

winmm

wsock32

Sections

UPX0 Size: 476KB - Virtual size: 476KB

.rsrc Size: 4KB - Virtual size: 8KB

.avc Size: 6KB - Virtual size: 8KB

UPX0
Size: 476KB - Virtual size: 476KB

.rsrc
Size: 4KB - Virtual size: 8KB

.avc
Size: 6KB - Virtual size: 8KB