76fd6906ccd95848327e55b1cec3e31a

Sharing

Copy URL Twitter E-mail

General

Target

76fd6906ccd95848327e55b1cec3e31a
Size

285KB
MD5

76fd6906ccd95848327e55b1cec3e31a
SHA1

54607150277dc2a8a0e48300a0bde9c3ae116afd
SHA256

e63c5e2eca1275d9a909aafb7350c48dae9f5b801f76dbbc6cac130e4e456537
SHA512

cb5673f5607e1b24f5496df64b4278b6d8e0e28daac8b76cabd77d634a4dc46f2fb0567eb12366f74ec0d07bc4246ce7aa1425d818019241b19fd22bff9d0c94
SSDEEP

6144:woUuerS7kkQMHy95orakpJF2J/HiKER8PoVqbNBOX3/CAm:w5PrS73JF2Zt0/Pm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76fd6906ccd95848327e55b1cec3e31a

Files

76fd6906ccd95848327e55b1cec3e31a
.exe windows:5 windows x86 arch:x86

4657d0d414c30d433ad26ac10ef98d51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_purecall
iswspace
wprintf
_wcslwr
wcstol
_except_handler3
_wtol
fprintf
_errno
swscanf
wcstoul
_wsetlocale
wcsncmp
wcschr
_CxxThrowException
_wcsupr
fputwc
_wcsicmp
_iob
wcsstr
__CxxFrameHandler
_wtoi
towupper
wcscmp
_c_exit
_exit
_XcptFilter
_cexit
??2@YAPAXI@Z
iswdigit
wcslen
printf
_vsnwprintf
exit
__winitenv
__wgetmainargs
_initterm
vswprintf
??3@YAXPAX@Z
_putws
?terminate@@YAXXZ
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr

atl

ord16

advapi32

LookupAccountNameW
GetSecurityDescriptorLength
InitializeSecurityDescriptor
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
SetEntriesInAclW
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorControl
MakeSelfRelativeSD
BuildExplicitAccessWithNameW
AllocateAndInitializeSid
GetSecurityDescriptorDacl
IsValidAcl
GetAclInformation
GetAce
FreeSid
EqualSid
QueryServiceConfigW
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfig2W

kernel32

GetStdHandle
GetConsoleOutputCP
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
GetConsoleMode
SetUnhandledExceptionFilter
SetLastError
GetProcessHeap
HeapAlloc
HeapFree
DnsHostnameToComputerNameW
SetConsoleMode
ReadConsoleW
UnhandledExceptionFilter
LocalReAlloc
LocalAlloc
GetComputerNameExW
InitializeCriticalSectionAndSpinCount
GetCommandLineW
lstrcmpiW
GetModuleHandleW
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryW
FreeLibrary
CloseHandle
FormatMessageW
LocalFree
DeleteCriticalSection
Sleep
InterlockedIncrement
GetLastError
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenA
InterlockedDecrement
lstrlenW
CompareStringW
lstrcmpW
GetLocaleInfoW
IsDebuggerPresent
OutputDebugStringA
InterlockedCompareExchange
FormatMessageA
LoadLibraryExW

user32

LoadStringW

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstanceEx
CoCreateInstance

oleaut32

VariantInit
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

netapi32

NetpwNameValidate
NetpNetBiosReset
NetpNetBiosStatusToApiStatus
NetUserChangePassword
Netbios
DsGetDcNameW
NetServerEnum
NetApiBufferFree

clusapi

ClusterGetEnumCount
CloseClusterNetInterface
OpenClusterNetInterface
GetClusterNetInterfaceState
ClusterNetInterfaceControl
CloseClusterNode
GetClusterNodeState
OpenClusterNode
ClusterNodeCloseEnum
ClusterNodeOpenEnum
ClusterNodeControl
PauseClusterNode
ResumeClusterNode
EvictClusterNodeEx
GetClusterNodeId
GetClusterInformation
SetClusterServiceAccountPassword
ClusterResourceControl
DeleteClusterResource
SetClusterResourceName
ClusterResourceCloseEnum
ClusterResourceOpenEnum
FailClusterResource
CreateClusterResource
OpenClusterGroup
CloseClusterGroup
ChangeClusterResourceGroup
AddClusterResourceDependency
RemoveClusterResourceDependency
AddClusterResourceNode
RemoveClusterResourceNode
GetClusterNetworkState
SetClusterNetworkName
ClusterNetworkCloseEnum
ClusterNetworkOpenEnum
ClusterNetworkControl
OpenClusterNetwork
SetClusterNetworkPriorityOrder
CloseClusterNetwork
OpenClusterResource
SetClusterQuorumResource
CloseClusterResource
SetClusterName
ClusterOpenEnum
ClusterEnum
ClusterCloseEnum
OpenCluster
ClusterControl
SetClusterGroupNodeList
ClusterResourceTypeEnum
ClusterResourceTypeCloseEnum
ClusterResourceTypeOpenEnum
ClusterResourceTypeControl
DeleteClusterResourceType
CreateClusterResourceType
GetClusterQuorumResource
GetClusterGroupState
ClusterGroupEnum
ClusterNetworkEnum
ClusterNodeEnum
GetClusterResourceState
ClusterResourceEnum
CreateClusterNotifyPort
CloseClusterNotifyPort
RegisterClusterNotify
GetClusterNotify
CreateClusterGroup
OnlineClusterResource
OfflineClusterResource
OnlineClusterGroup
OfflineClusterGroup
MoveClusterGroup
GetClusterNetInterface
DeleteClusterGroup
SetClusterGroupName
ClusterGroupCloseEnum
ClusterGroupOpenEnum
ClusterGroupControl
CloseCluster

ntdll

RtlAnsiStringToUnicodeString
RtlNtStatusToDosError
memmove
RtlInitAnsiString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
_strnicmp
RtlUnicodeStringToOemString
toupper
RtlFreeOemString
iswctype

ws2_32

inet_addr

dnsapi

DnsValidateName_W

secur32

GetUserNameExW

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4657d0d414c30d433ad26ac10ef98d51

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

atl

advapi32

kernel32

user32

ole32

oleaut32

netapi32

clusapi

ntdll

ws2_32

dnsapi

secur32

Sections

.text Size: 121KB - Virtual size: 120KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 54KB - Virtual size: 54KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 121KB - Virtual size: 120KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 54KB - Virtual size: 54KB

.UPX0
Size: 108KB - Virtual size: 260KB