b512c2d840776b0b4ddfb7af74a9feee

Sharing

Copy URL Twitter E-mail

General

Target

b512c2d840776b0b4ddfb7af74a9feee
Size

304KB
MD5

b512c2d840776b0b4ddfb7af74a9feee
SHA1

dc44080685bc4325f791a6271dcb8eeb66fc984e
SHA256

bddd86f9729b0da534e09bc8808049bf36202bf3b6285cfa5e6e06fea7f54d52
SHA512

09df7848e595a862bca42664609de0ac33b735bbb6b18d01a27e123db01253c617647e11ff2e79f7826d08ff587d3fd1d11b9a04244d317aab4f1753c4d0b2ea
SSDEEP

3072:/BBbGCXNyy44NPDIgXGBDYl2WmupqKrQNHlJel:/mCky44pGBAhAKrQNHLel

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b512c2d840776b0b4ddfb7af74a9feee

Files

b512c2d840776b0b4ddfb7af74a9feee
.dll regsvr32 windows:4 windows x86 arch:x86

4658507939f523eb4b49cb699c89cfab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
InterlockedDecrement
lstrlenA
WideCharToMultiByte
LocalFree
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InterlockedIncrement
lstrcatA
lstrcpynA
OutputDebugStringA
GetShortPathNameA
GetModuleHandleA
lstrlenW
GetModuleFileNameA
lstrcmpiA
CloseHandle
EnterCriticalSection
GetSystemInfo
GetLastError
CreateFileA
WriteFile
TerminateProcess
OpenProcess
ExitProcess
DisableThreadLibraryCalls
HeapAlloc
GetVersionExA
HeapCreate
HeapDestroy
TerminateThread
CreateThread
Sleep
GetTickCount
lstrcmpA
CreateProcessA
GetWindowsDirectoryA
OutputDebugStringW
DeleteFileA
FindNextFileA
FindFirstFileA
GetSystemDirectoryA
WaitForSingleObject
CreateDirectoryA
CopyFileA
FreeLibrary
GetProcAddress
LoadLibraryA
LocalAlloc
GlobalFree
GlobalAlloc
FindResourceA
LockResource
SizeofResource
LoadResource
ReadFile
GetFileSize

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA

gdi32

SetBkColor
GetStockObject
GetDIBits
GetObjectA
SetMapMode
SetTextColor
CreateSolidBrush
SetBkMode
CreateFontA
DeleteObject
SetWindowExtEx
SetViewportExtEx

msvcrt

_ftol
??1type_info@@UAE@XZ
realloc
strchr
free
fopen
fwrite
strrchr
abs
strncmp
fclose
strncpy
srand
atol
time
localtime
rand
strstr
_mbscmp
atof
atoi
memcmp
_mbsnbcmp
sprintf
pow
_ismbcdigit
_adjust_fdiv
_mbclen
vsprintf
strlen
_mbsrchr
memmove
_mbsinc
_mbsstr
_mbslwr
memset
_mbschr
memcpy
??3@YAXPAX@Z
wcslen
strcpy
malloc
??2@YAPAXI@Z
_CxxThrowException
__dllonexit
_onexit
_initterm
_msize

ole32

CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoInitialize
CoUninitialize
StringFromCLSID
CoTaskMemFree

oleaut32

shell32

ShellExecuteA
Shell_NotifyIconA

urlmon

URLOpenBlockingStreamA

user32

InsertMenuA
DestroyMenu
SetDlgItemTextA
TrackPopupMenu
LoadStringA
GetWindowThreadProcessId
SendMessageA
CreatePopupMenu
GetWindowPlacement
GetCursorPos
InvalidateRect
GetParent
SetForegroundWindow
DestroyWindow
LoadImageA
IsWindow
GetClipboardData
CreateWindowExA
OpenClipboard
GetDC
CloseClipboard
GetOpenClipboardWindow
TranslateMessage
CopyIcon
PeekMessageA
SetSystemCursor
DispatchMessageA
GetDlgItem
CopyImage
CharUpperBuffA
LoadCursorA
GetSystemMetrics
CharLowerBuffA
GetForegroundWindow
EnumWindows
GetClientRect
FillRect
GetClassNameA
SetWindowsHookExA
UnhookWindowsHookEx
PostMessageA
GetWindowTextA
CallNextHookEx
SetWindowPos
GetWindowRect
GetDesktopWindow
SetWindowLongA
MoveWindow
GetWindowLongA
MessageBoxA
ShowWindow
EnableWindow
SetTimer
SetWindowTextA
EndDialog
FindWindowA
DialogBoxParamA
KillTimer
GetDlgItemTextA
CloseWindow

wininet

InternetGetConnectedState
InternetCanonicalizeUrlA
GetUrlCacheEntryInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstantAccess
iedisco

Sections

UPX0
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4658507939f523eb4b49cb699c89cfab

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

msvcrt

ole32

oleaut32

shell32

urlmon

user32

wininet

Exports

Exports

Sections

UPX0 Size: 284KB - Virtual size: 284KB

.rsrc Size: 14KB - Virtual size: 16KB

.avp Size: 4KB - Virtual size: 8KB

UPX0
Size: 284KB - Virtual size: 284KB

.rsrc
Size: 14KB - Virtual size: 16KB

.avp
Size: 4KB - Virtual size: 8KB