9801e805b5a8334508f63d899bb30a36

Sharing

Copy URL Twitter E-mail

General

Target

9801e805b5a8334508f63d899bb30a36
Size

308KB
MD5

9801e805b5a8334508f63d899bb30a36
SHA1

6025cea692c6b69e5a5e592f73b76de6378e8fbc
SHA256

3129b0b23bae9c7b8340548e8d6430af61be2b0255ff324fc31c51d987063411
SHA512

29036f22b1c9c8c4e673f3b54c0384c73fd7fabf996ba55411842a7a14fe9e1653f65529505c62a2f4bf8c31b08bd3408a8f763b4f73f2848807bc7e36ed9916
SSDEEP

6144:fTPVSffHq1KZe75QAQbpkirLauxyxPS5djYQ/MVCCk+mfPbIDIfWF40HlLSLKYik:fTPYgrDIfWySYR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9801e805b5a8334508f63d899bb30a36

Files

9801e805b5a8334508f63d899bb30a36
.exe windows:4 windows x86 arch:x86

7d09da2526633196cc6c35fa08fdaa79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetShortPathNameA
MoveFileExA
LocalAlloc
GetCurrentThread
FreeLibrary
SetFilePointer
SetEnvironmentVariableA
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
TerminateProcess
OpenProcess
MultiByteToWideChar
DeviceIoControl
GetCurrentThreadId
SetEndOfFile
GetCurrentProcessId
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
CopyFileA
Sleep
FindFirstFileA
SetLastError
FindNextFileA
FindClose
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
WinExec
OpenFile
_lclose
SetFileAttributesA
DeleteFileA
GetVersionExA
GetFullPathNameA
SetCurrentDirectoryA
GetLastError
FormatMessageA
LocalFree
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentDirectoryA
GetUserDefaultLangID
GetModuleFileNameA
GetComputerNameA
GetPrivateProfileStringA
GetStartupInfoA

user32

EnumWindows
GetWindowThreadProcessId
DialogBoxParamA
LoadStringA
GetParent
CopyRect
OffsetRect
SetWindowPos
MessageBoxA
LoadBitmapA
UpdateWindow
ShowWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowRect
GetClientRect
SendMessageA
CreateWindowExA
GetDesktopWindow
LoadImageA
ExitWindowsEx
wsprintfA
GetWindowInfo
GetSystemMetrics
SetDlgItemTextA
GetDlgItem
EnableWindow
EndDialog
IsDlgButtonChecked

advapi32

IsValidSecurityDescriptor
RegSetValueExA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
GetUserNameA
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
FreeSid
RevertToSelf
AccessCheck
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenThreadToken
ImpersonateSelf
CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeleteService
QueryServiceStatus
ControlService
RegQueryValueExA
RegEnumValueA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsA
SetupDiGetDeviceInstanceIdA
SetupDiClassGuidsFromNameA
SetupDiGetINFClassA
SetupDiRegisterDeviceInfo
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
SetupDiSetSelectedDevice
SetupDiCallClassInstaller
SetupDiRemoveDevice
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDriverInfoA

comctl32

ord17

shlwapi

PathIsDirectoryA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
_mbstok
_itoa
_except_handler3
strstr
strchr
memmove
strtoul
_mbscmp
_mbsnbcmp
_mbsnbicmp
_strdup
free
__CxxFrameHandler
atoi
fopen
fclose
vsprintf
fgetc
_mbsnbcpy
sscanf
fprintf
_mbsstr
_mbsicmp
sprintf
exit
??2@YAPAXI@Z
getenv
_mbschr
_mbscspn
_mbsrchr
toupper
??3@YAXPAX@Z

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7d09da2526633196cc6c35fa08fdaa79

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

version

setupapi

comctl32

shlwapi

msvcrt

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 14KB

.rsrc Size: 144KB - Virtual size: 142KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 144KB - Virtual size: 142KB

.UPX0
Size: 104KB - Virtual size: 252KB