c4f8b18a86ab1eb761ce54d4df4e09e1

Sharing

Copy URL Twitter E-mail

General

Target

c4f8b18a86ab1eb761ce54d4df4e09e1
Size

277KB
MD5

c4f8b18a86ab1eb761ce54d4df4e09e1
SHA1

7d9c0e7a4d3b53ac76a543dd8130ee06c7ce57ca
SHA256

8c2eb071a362b2bba2af2f80a292c32a802f59a49ad9df33079da6daa873e452
SHA512

65df71f8948797b7fa73b837116ee3225c53074be9c16612463ddbde092fdc96bb360a37597764330b7a78accc1ffa8c2c03541daf3c78cada33c998cea2ef02
SSDEEP

6144:w1B1lmENRB8bprj1zwJZmBsGm006C4ovaFvwnS0YUKKXv:WB1lmENRBk3AZjGm00t4ovaFKp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4f8b18a86ab1eb761ce54d4df4e09e1

Files

c4f8b18a86ab1eb761ce54d4df4e09e1
.dll regsvr32 windows:4 windows x86 arch:x86

4ab8bf17e16fe9d604c19e754658f99a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadResource
LocalFree
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetVersionExA
GetCurrentProcessId
TerminateThread
FindResourceA
DeleteFileA
Sleep
QueryPerformanceCounter
GetTickCount
lstrlenA
GetShortPathNameA
GetModuleFileNameA
MultiByteToWideChar
lstrlenW
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyA
lstrcatA
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
QueryPerformanceFrequency

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegEnumValueA
RegCreateKeyExA

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Draw
ImageList_LoadImageA
ImageList_Create

gdi32

CreateBitmap
CreatePatternBrush
CreateDIBSection
SetBkColor
SetBrushOrgEx
SetTextColor
SetBkMode
CreateFontA
CreateFontIndirectA
EnumFontFamiliesExA
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
PatBlt
DeleteDC

msvcp60

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

msvcrt

wcslen
_itoa
realloc
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
wcscpy
_CxxThrowException
wcstod
free
memset
exit
time
localtime
mktime
difftime
strtok
_purecall
wcstol
??3@YAXPAX@Z
memmove
__CxxFrameHandler
memcpy
memcmp
??2@YAPAXI@Z

ole32

ReleaseStgMedium
RegisterDragDrop
OleRun
CoUninitialize
CoInitialize
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance

oleaut32

olepro32

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

user32

AppendMenuA
TranslateMessage
DispatchMessageA
CheckMenuRadioItem
GetComboBoxInfo
SetActiveWindow
MoveWindow
DrawFrameControl
DrawEdge
ShowWindow
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
GetWindowLongA
GetWindow
SetWindowLongA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
CharNextA
GetSysColor
SetFocus
FrameRect
InflateRect
OffsetRect
GetSysColorBrush
GetMenuItemInfoA
UpdateWindow
CallNextHookEx
GetSystemMetrics
DrawTextA
CreatePopupMenu
GetWindowDC
SystemParametersInfoA
SetRectEmpty
IsWindowVisible
UnhookWindowsHookEx
SetWindowsHookExA
DestroyMenu
LoadImageA
CopyRect
SetCursor
GetKeyState
GetWindowRect
MapWindowPoints
TrackPopupMenu
ScreenToClient
GetMessagePos
CreateWindowExA
wsprintfA
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
GetClientRect
SetWindowPos
CallWindowProcA
DestroyWindow
SendMessageA
ReleaseCapture
CreateAcceleratorTableA
GetDC
ReleaseDC
GetDesktopWindow
IsWindow
BeginPaint
FillRect
EndPaint
GetFocus
MessageBoxA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ab8bf17e16fe9d604c19e754658f99a

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

msvcp60

msvcrt

ole32

oleaut32

olepro32

shell32

urlmon

user32

Exports

Exports

Sections

UPX0 Size: 264KB - Virtual size: 264KB

.rsrc Size: 4KB - Virtual size: 8KB

.avp Size: 7KB - Virtual size: 8KB

UPX0
Size: 264KB - Virtual size: 264KB

.rsrc
Size: 4KB - Virtual size: 8KB

.avp
Size: 7KB - Virtual size: 8KB