7d34637317848e2a055ae72c48f05adc

Sharing

Copy URL Twitter E-mail

General

Target

7d34637317848e2a055ae72c48f05adc
Size

131KB
MD5

7d34637317848e2a055ae72c48f05adc
SHA1

b156ee0654536065b4fd9f7a780045541b587f89
SHA256

180e7ccae841511988b9e46c17246c6f26a0adcc17eb67088abf2fe2f181d821
SHA512

1cacc58afeed8b946845456c91613f273ecb9a16e074b5c7c5ab8ec13d3109b58e2b334553fe6cf13ac54e659e7b75503ae93f40b615e32f22925e61f7e7048c
SSDEEP

3072:ypE4+opzQ4JSG//xFSkm7wGB6CMCB2Pt5SFSF9OU8mnaiJAkRvUnfTe:sEaNQ4DhFSh7sd4UXnrJAkRvv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
static1/unpack001/uninstall.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
7d34637317848e2a055ae72c48f05adc
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/clipx.exe
unpack001/out.upx
unpack001/uninstall.exe
unpack002/out.upx

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/out.upx	nsis_installer_2
static1/unpack002/out.upx	nsis_installer_2

Files

7d34637317848e2a055ae72c48f05adc
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
click.wav
clipx.exe
.exe windows:4 windows x86 arch:x86

9a4b5480af07433a5a9021b9d5795138

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
GetWindowsDirectoryA
GetStartupInfoA
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetACP
IsValidCodePage
GetTempFileNameA
CloseHandle
GetCurrentThread
DuplicateHandle
CopyFileA
lstrlenW
lstrcmpiA
CreateFileW
FindFirstFileW
FindNextFileW
FindClose
FindFirstFileA
FindNextFileA
CreateDirectoryA
GetTempPathA
FormatMessageA
LocalFree
SetCurrentDirectoryW
SetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentDirectoryA
GetTickCount
QueryPerformanceFrequency
DebugBreak
AddAtomA
ExitProcess
DeleteAtom
GetVersionExA
HeapFree
lstrcpynA
lstrlenA
lstrcatA
GetProcessHeap
HeapAlloc
WideCharToMultiByte
Sleep
MulDiv
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCurrentProcess
SetProcessWorkingSetSize
OutputDebugStringA
GlobalSize
GlobalLock
GlobalUnlock
GetModuleFileNameA
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
lstrcmpW
GetModuleHandleA

user32

GetWindowRect
GetForegroundWindow
GetParent
GetWindowLongA
CallWindowProcA
SetFocus
GetWindowTextW
FindWindowA
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
GetWindowLongW
SetWindowLongW
CallWindowProcW
RegisterClassExA
MapVirtualKeyA
GetKeyNameTextA
wsprintfA
CopyRect
IsWindow
DialogBoxParamW
UnregisterHotKey
RegisterHotKey
GetWindowTextA
GetCaretPos
keybd_event
GetClassNameA
GetMenuItemInfoA
GetSystemMetrics
SystemParametersInfoA
WindowFromDC
InsertMenuA
SetMenuDefaultItem
GetCursorPos
TrackPopupMenuEx
LoadCursorA
SetCursor
DestroyIcon
LoadImageA
DrawTextW
GetUpdateRect
BeginPaint
EndPaint
EnumClipboardFormats
MessageBoxA
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PostMessageA
SetClipboardViewer
ChangeClipboardChain
UnregisterClassA
RegisterClipboardFormatA
RegisterClassA
CreateWindowExA
DefWindowProcA
GetMenuItemInfoW
DeleteMenu
SetMenuItemInfoW
InsertMenuW
GetMenuItemCount
DestroyMenu
CreatePopupMenu
GetDC
ReleaseDC
KillTimer
BringWindowToTop
SetForegroundWindow
EndDialog
SetTimer
GetSysColor
GetSysColorBrush
FillRect
DrawFocusRect
DrawTextA
IsWindowEnabled
DestroyWindow
CreateDialogParamA
SetWindowTextA
SetWindowTextW
ScreenToClient
OffsetRect
ShowWindow
SetWindowLongA
SetDlgItemInt
GetFocus
IsDlgButtonChecked
GetKeyState
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
PeekMessageA
DialogBoxParamA
GetDlgItemInt
GetDlgItemTextA
CheckDlgButton
SetDlgItemTextA
EnableWindow
GetDlgItem
GetClientRect
ClientToScreen
SetWindowPos
SendMessageA

gdi32

BitBlt
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPointW
CreateFontIndirectA
GetDeviceCaps
DeleteDC
SetBkColor
GetObjectA
CreatePen
SelectObject
Rectangle
DeleteObject
SetBkMode
SetTextColor
MoveToEx
LineTo
CreateRectRgnIndirect
CreateRectRgn
CombineRgn
CreateSolidBrush
GetStockObject
InvertRgn
GetRegionData
GetRgnBox
OffsetRgn
PtInRegion
ExtCreateRegion
SetRectRgn
GetClipRgn
GetClipBox
FillRgn

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

GetUserNameA
RegQueryValueExA
RegQueryValueA
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
RegCloseKey

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
DragQueryFileA
ShellExecuteA
Shell_NotifyIconW
DragQueryFileW

ole32

CLSIDFromString
CoCreateInstance
CoCreateGuid
CoGetMalloc
CoInitialize

oleaut32

VariantInit
SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocString

comctl32

ord17

oleacc

AccessibleObjectFromEvent
AccessibleObjectFromWindow

winmm

PlaySoundA

msvcrt

realloc
memmove
free
malloc
strchr
strstr
strncpy
_wstati64
fseek
ftell
fread
fwrite
_unlink
_access
strtok
sprintf
sscanf
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_stati64
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
fopen
fprintf
fclose
time
localtime
gmtime
strftime
isdigit
vsprintf
isalpha
_mkdir
toupper
atoi
mbstowcs
_ftol
_controlfp
_wfopen
_purecall
??2@YAPAXI@Z
wcstombs
__CxxFrameHandler
_except_handler3

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
whatsnew.txt
.rtf .txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 184KB

UPX1 Size: 17KB - Virtual size: 20KB

.rsrc Size: 15KB - Virtual size: 16KB

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 472B

9a4b5480af07433a5a9021b9d5795138

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oleacc

winmm

msvcrt

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 9KB - Virtual size: 1.0MB

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 34KB - Virtual size: 33KB

Headers

File Characteristics

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 184KB

UPX1 Size: 17KB - Virtual size: 20KB

.rsrc Size: 15KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

UPX0
Size: - Virtual size: 184KB

UPX1
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 15KB - Virtual size: 16KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 472B

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 9KB - Virtual size: 1.0MB

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 34KB - Virtual size: 33KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

UPX0
Size: - Virtual size: 184KB

UPX1
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 15KB - Virtual size: 16KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB