adbc8c17385f0a5ba9cf210dc9edbb4f

Sharing

Copy URL Twitter E-mail

General

Target

adbc8c17385f0a5ba9cf210dc9edbb4f
Size

201KB
MD5

adbc8c17385f0a5ba9cf210dc9edbb4f
SHA1

1d35ce683a0b5dca55de137b7ccb0921fc857235
SHA256

e55a9b9bb2b184f1c60bc72eba4049a56103cce870a8a1a472bb34a45104e951
SHA512

7e2bafeb52d9fe5117f8e972ff11deea66530810e4a229a6e26d484746bc06ab63a2e6c0a8f2be04cdac78ac4edbe45317c0bcf662558087a3aef2f6a5c2f6b8
SSDEEP

1536:zfa7kS9P7Lxt4FhVqrsq3TmLOO935RvIxgk7pOW26U+Urf2ptETsUZDredSpgjh+:u7kS9P7LxqrVqquxgktXRkOmhz4Ei87

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
adbc8c17385f0a5ba9cf210dc9edbb4f
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/httpget.dll
unpack001/$PLUGINSDIR/img.dll
unpack001/$PLUGINSDIR/nsisFile.dll
unpack001/$PLUGINSDIR/nsisXML.dll
unpack001/out.upx

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/out.upx	nsis_installer_2

Files

adbc8c17385f0a5ba9cf210dc9edbb4f
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 372KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

51cc377db2a9db8d63bafd8fe8dffb97

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetProcAddress
GetVersionExA
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
UnmapViewOfFile
WaitForSingleObject
GetCurrentProcessId
SetEvent
lstrlenA
SetCurrentDirectoryA
MapViewOfFile
Sleep
OpenProcess
GetExitCodeProcess
GetModuleHandleA
GetExitCodeThread
CreateThread
CreateFileMappingA
CreateEventA
GlobalAlloc
CreateProcessA
GetLastError
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
GetModuleFileNameA
lstrcatA
GetPrivateProfileIntA
GetPrivateProfileStringA
DuplicateHandle
LoadLibraryA

user32

GetClassNameA
SetWindowsHookExA
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
DefWindowProcA
SetForegroundWindow
PostMessageA
CreateWindowExA
GetWindowThreadProcessId
CallWindowProcA
SetWindowPos
GetWindowRect
UnhookWindowsHookEx
GetClientRect
FindWindowExA
LoadIconA
CreateDialogParamA
IsWindowVisible
CallNextHookEx
CharNextA
DialogBoxParamA
SendMessageW
MessageBoxA
EndDialog
LoadImageA
DestroyWindow
GetWindowLongA
EnableWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
SetWindowLongA

advapi32

GetUserNameA
OpenSCManagerA
GetTokenInformation
CloseServiceHandle
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueA
QueryServiceStatus
OpenServiceA

shell32

ShellExecuteExA

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/httpget.dll
.dll windows:4 windows x86 arch:x86

51c7bf7e5ccbeb2eab570d4c42be1f8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
sprintf
free
strtol
atoi
strtoul
??3@YAXPAX@Z
??2@YAPAXI@Z

kernel32

lstrcatA
lstrcpynA
lstrcpyA
lstrcmpiA
CreateThread
LoadLibraryA
CreateFileA
lstrlenA
CloseHandle
DeleteFileA
WriteFile
MulDiv
GlobalFree
GetLastError
GlobalAlloc

user32

MessageBoxA

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetSetOptionA
InternetQueryOptionA
InternetOpenA

Exports

Exports

get
test

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/img.dll
.dll windows:4 windows x86 arch:x86

8244405577263a4c327ca6eebef5b3d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
free
malloc
_initterm

kernel32

GlobalFree
Sleep
MultiByteToWideChar
lstrcmpiA
GlobalAlloc
lstrcpyA

user32

GetWindowRect
GetDlgItem
IsWindowVisible
FindWindowExA
EndPaint
CallWindowProcA
BeginPaint
ScreenToClient
MessageBoxA
GetDC
ReleaseDC
InvalidateRect
IsWindow
GetWindowLongA
SetWindowLongA
GetClientRect

gdi32

DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteObject

ole32

CoCreateInstance

shlwapi

StrToIntExA

Exports

Exports

show
stop

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisFile.dll
.dll windows:4 windows x86 arch:x86

722b4c6354d0d74582e6b8b9621ef62c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
lstrlenA
WriteFile
SetFilePointer
SetEndOfFile
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
atoi
_itoa
memmove
memcmp
memchr
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

BinToHex
FileFindBytes
FileReadBytes
FileTruncate
FileWriteBytes
HexToBin

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 699B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisXML.dll
.dll windows:4 windows x86 arch:x86

177dccc4d0323e428824818efd241cc7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
InterlockedIncrement
GlobalFree
WideCharToMultiByte
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
LocalFree

user32

wsprintfA

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
GetErrorInfo
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantClear

msvcrt

free
_onexit
__dllonexit
_adjust_fdiv
malloc
_CxxThrowException
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_initterm
??1type_info@@UAE@XZ
atoi

Exports

Exports

appendChild
create
createElement
createProcessingInstruction
getAttribute
getText
insertBefore
load
loadAndValidate
parentNode
release
removeChild
save
select
setAttribute
setDocumentElement
setText

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 666B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/bullet.bmp
$TEMP/no-cover.jpg
.jpg
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
utils.jar
.zip
org/sevenzip/decoder/CRC.class
org/sevenzip/decoder/LzmaAloneDecoder$CommandLine.class
org/sevenzip/decoder/LzmaAloneDecoder.class
org/sevenzip/decoder/SevenZipFolderDecoder.class
org/sevenzip/decoder/compression/lz/OutWindow.class
org/sevenzip/decoder/compression/lzma/Base.class
org/sevenzip/decoder/compression/lzma/Decoder$LenDecoder.class
org/sevenzip/decoder/compression/lzma/Decoder$LiteralDecoder$Decoder2.class
org/sevenzip/decoder/compression/lzma/Decoder$LiteralDecoder.class
org/sevenzip/decoder/compression/lzma/Decoder.class
org/sevenzip/decoder/compression/rangecoder/BitTreeDecoder.class
org/sevenzip/decoder/compression/rangecoder/Decoder.class
ru/megamakc/core/hash/ProgressListener.class
ru/megamakc/core/path/IPathConverter.class
ru/megamakc/core/tools/FileHelperBase.class
ru/megamakc/zip/IZipCreator.class
ru/megamakc/zip/ZipHelper$1.class
ru/megamakc/zip/ZipHelper$ZipDeflatedStream.class
ru/megamakc/zip/ZipHelper.class

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 372KB

UPX1 Size: 18KB - Virtual size: 20KB

.rsrc Size: 114KB - Virtual size: 116KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

51cc377db2a9db8d63bafd8fe8dffb97

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 852B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 964B

51c7bf7e5ccbeb2eab570d4c42be1f8c

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 312B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 318B

8244405577263a4c327ca6eebef5b3d5

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 788B

.reloc Size: 512B - Virtual size: 424B

722b4c6354d0d74582e6b8b9621ef62c

Headers

File Characteristics

Imports

kernel32

UPX0
Size: - Virtual size: 372KB

UPX1
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 114KB - Virtual size: 116KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 852B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 964B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 312B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 318B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 788B

.reloc
Size: 512B - Virtual size: 424B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 699B

.data
Size: 512B - Virtual size: 68B

.reloc
Size: 512B - Virtual size: 214B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 476B

.reloc
Size: 1024B - Virtual size: 666B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 84KB

.rsrc
Size: 115KB - Virtual size: 114KB