4d5075eca88d12cd728d29244499b82f

Sharing

Copy URL Twitter E-mail

General

Target

4d5075eca88d12cd728d29244499b82f
Size

172KB
MD5

4d5075eca88d12cd728d29244499b82f
SHA1

3cca72419d9b20e4e5d2f6928a0d76a27ff4a8e1
SHA256

b0f305989e30844dd73be6cba9dd891e3e1170fa92f75e9a509521a0973d638f
SHA512

a198d20f54c915ec77517e5bc3e290abf10f27a8abee9678de5ff2c6a34d4527333136362021edd4f3bd77a2c4a35f966052af614df17dd0bf31a84624293735
SSDEEP

3072:wAUWldmNCbIsKM12ai+RbOPc5ipkZuR/R2PPO8zgHcfxgqUUx/d7DgJQHcfxgbQn:JU6PKM1tbp4CipkZuRp2lgHcfxgqNx/G

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d5075eca88d12cd728d29244499b82f

Files

4d5075eca88d12cd728d29244499b82f
.exe windows:4 windows x86 arch:x86

4a961986a2cc30e813c45d3154c654ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
EnumServicesStatusA
OpenSCManagerA
CloseServiceHandle
StartServiceA
StartServiceCtrlDispatcherA
QueryServiceStatus
GetUserNameA
OpenServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCreateKeyA
CreateServiceA
GetServiceDisplayNameA
ControlService
DeleteService
RegDeleteKeyA
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyA

kernel32

ord23
ord10
LocalFree
FreeLibrary
LoadLibraryA
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetVersionExA
WinExec
GetVersion
lstrcmpA
GetShortPathNameA
DeviceIoControl
InterlockedDecrement
OpenMutexA
GetSystemDirectoryA
GetLocalTime
lstrlenW
MultiByteToWideChar
GetTimeZoneInformation
SetFilePointer
GetModuleFileNameA
GetExitCodeThread
TerminateThread
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
CreateFileA
GetFileSize
VirtualAlloc
VirtualFree
CopyFileA
GetComputerNameA
GlobalMemoryStatus
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
CreatePipe
WriteFile
PeekNamedPipe
lstrlenA
CloseHandle
GetLastError
CreateMutexA
MoveFileA
GetCurrentProcess
TerminateProcess
OpenProcess
ReleaseMutex
WaitForSingleObject
ExitThread
Sleep
FindCloseChangeNotification
FindFirstChangeNotificationA
FindClose
FileTimeToSystemTime
FindFirstFileA
GetFileAttributesA
DeleteFileA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTempPathA
GetCurrentProcessId
lstrcpyA
WideCharToMultiByte
CreateProcessA
GetStartupInfoA
GetExitCodeProcess
CreateThread
CreateEventA
LocalAlloc
GetDriveTypeA
FindNextFileA
GetTickCount
RemoveDirectoryA
CreateDirectoryA
CreateRemoteThread
WriteProcessMemory
DisconnectNamedPipe
ReadFile
ConnectNamedPipe
SetEvent
CreateNamedPipeA
GetWindowsDirectoryA
ord23
ord10
LocalFree
FreeLibrary
LoadLibraryA
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GetVersionExA
WinExec
GetVersion
lstrcmpA
GetShortPathNameA
DeviceIoControl
InterlockedDecrement
OpenMutexA
GetSystemDirectoryA
GetLocalTime
lstrlenW
MultiByteToWideChar
GetTimeZoneInformation
SetFilePointer
GetModuleFileNameA
GetExitCodeThread
TerminateThread
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
CreateFileA
GetFileSize
VirtualAlloc
VirtualFree
CopyFileA
GetComputerNameA
GlobalMemoryStatus
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
CreatePipe
WriteFile
PeekNamedPipe
lstrlenA
CloseHandle
GetLastError
CreateMutexA
MoveFileA
GetCurrentProcess
TerminateProcess
OpenProcess
ReleaseMutex
WaitForSingleObject
ExitThread
Sleep
FindCloseChangeNotification
FindFirstChangeNotificationA
FindClose
FileTimeToSystemTime
FindFirstFileA
GetFileAttributesA
DeleteFileA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTempPathA
GetCurrentProcessId
lstrcpyA
WideCharToMultiByte
CreateProcessA
GetStartupInfoA
GetExitCodeProcess
CreateThread
CreateEventA
LocalAlloc
GetDriveTypeA
FindNextFileA
GetTickCount
RemoveDirectoryA
CreateDirectoryA
CreateRemoteThread
WriteProcessMemory
DisconnectNamedPipe
ReadFile
ConnectNamedPipe
SetEvent
CreateNamedPipeA
GetWindowsDirectoryA

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

wininet

InternetReadFile
HttpSendRequestA
InternetSetOptionA
HttpQueryInfoA
InternetConnectA
InternetOpenA
HttpOpenRequestA
InternetErrorDlg
InternetCloseHandle
InternetQueryOptionA

wsock32

ioctlsocket
socket
accept
listen
closesocket
send
recv
WSAGetLastError
WSACleanup
getservbyname
getsockname
setsockopt
gethostbyname
shutdown
ntohs
htons
WSAStartup
connect
bind
inet_addr
gethostname

msvcrt

??3@YAXPAX@Z
_strupr
_beginthreadex
strchr
memmove
wcslen
calloc
_endthreadex
difftime
asctime
strftime
_tzset
tolower
_stricmp
_beginthread
wcstombs
fscanf
fgetc
_exit
memcpy
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
fgets
putc
ftell
rewind
getc
srand
rand
sscanf
strcmp
strncmp
time
localtime
fseek
_chdir
atof
??2@YAPAXI@Z
strstr
fprintf
_findfirst
isdigit
atol
realloc
strncpy
strtok
atoi
malloc
strlen
strcpy
strcat
strrchr
fopen
_snprintf
fclose
fread
sprintf
fwrite
free
memset
_lrotl
strncat
_findclose
_mkdir
__CxxFrameHandler
_XcptFilter
_strdup
_CxxThrowException
_strnicmp
??1type_info@@UAE@XZ

shell32

ShellExecuteA

user32

GetWindowTextA
GetWindowThreadProcessId
TranslateMessage
GetDesktopWindow
wsprintfA
FindWindowExA
GetMessageA
DispatchMessageA
PostMessageA
PeekMessageA
ExitWindowsEx

ole32

CoCreateInstance
CLSIDFromProgID
CoUninitialize
CoInitializeSecurity
CoInitialize
CoTaskMemFree

oleaut32

SafeArrayCreateVector
GetErrorInfo
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayDestroy
SysAllocString
SysStringLen
SysFreeString
VariantClear
VariantInit
SysAllocStringLen

Sections

Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 20KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FD01316A
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a961986a2cc30e813c45d3154c654ab

Headers

File Characteristics

Imports

advapi32

kernel32

rpcrt4

wininet

wsock32

msvcrt

shell32

user32

ole32

oleaut32

Sections

Size: 116KB - Virtual size: 114KB

UPX Size: 8KB - Virtual size: 7KB

.bss Size: 20KB - Virtual size: 208KB

.code Size: 16KB - Virtual size: 16KB

FD01316A Size: 8KB - Virtual size: 4KB

UPX
Size: 8KB - Virtual size: 7KB

.bss
Size: 20KB - Virtual size: 208KB

.code
Size: 16KB - Virtual size: 16KB

FD01316A
Size: 8KB - Virtual size: 4KB