c9f8afefb76b69bf4ec5e1b076baec3a

Sharing

Copy URL Twitter E-mail

General

Target

c9f8afefb76b69bf4ec5e1b076baec3a
Size

342KB
MD5

c9f8afefb76b69bf4ec5e1b076baec3a
SHA1

d3623b95e1d0bb6244bf79e77079059c3678306f
SHA256

3f4d1e97c268d493d562343ad60d6f4308851dbb1e4bad1efebebd021b991237
SHA512

225d89883cc86160e43d7416c4bceeec316ec339d968523bfefae26bffc5ac4d9b73a1f225afb07677ef2725e816e2589b399379826ba2047a8c5028364ebafc
SSDEEP

6144:zE4rnpKEZMjFe//K9tfTUJ7zCiKsW1yNGcVMof+wvwi:Tprwe//qumqH9N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9f8afefb76b69bf4ec5e1b076baec3a

Files

c9f8afefb76b69bf4ec5e1b076baec3a
.exe .vbs windows:5 windows x86 arch:x86 polyglot

2efba96d0bbd2ff7c3e760762f270f5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
CreateProcessW
DeleteFileW
MapViewOfFile
DuplicateHandle
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetWindowsDirectoryW
GetTempFileNameW
lstrlenW
VirtualFree
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
GetLocalTime
OpenEventA
GetTempFileNameA
OpenProcess
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
TerminateProcess
CreateEventW
lstrcmpiA
QueryDosDeviceA
DefineDosDeviceA
lstrcmpA
CreateFileW
LoadLibraryW
lstrcmpiW
FormatMessageW
GetFileSize
LocalFree
LocalAlloc
CreateFileMappingA
MapViewOfFileEx
FindResourceA
LoadResource
SetEndOfFile
UnmapViewOfFile
ReadFile
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
DeviceIoControl
GetSystemDirectoryA
GetDiskFreeSpaceA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
DelayLoadFailureHook
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
FreeLibrary
GetVersionExA
GetSystemInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentVariableA
CreateMutexA
SetUnhandledExceptionFilter
FormatMessageA
lstrcpynA
lstrcpyA
WaitForSingleObject
SetEvent
GetModuleHandleA
CreateThread
GetCurrentProcess
Sleep
DeleteFileA
WideCharToMultiByte
GetWindowsDirectoryA
VirtualAlloc
SetCurrentDirectoryA
LoadLibraryA
CopyFileA
SetFileAttributesA
MultiByteToWideChar
GetProcAddress
SetFilePointer
CreateFileA
WriteFile
CloseHandle
RemoveDirectoryA
MoveFileExA
lstrlenA
GetFullPathNameA
ExitProcess
GetLastError
SetLastError
GetModuleFileNameA
SetEnvironmentVariableA
GetFileAttributesA
MoveFileA
CreateEventA

comctl32

PropertySheetW
CreatePropertySheetPageW

user32

GetDlgItem
SendMessageA
EnumWindowStationsA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
EnumDesktopsA
CloseWindowStation
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
ShowWindow
CloseDesktop
FindWindowExA
GetWindowThreadProcessId
GetWindow
GetWindowTextA
wvsprintfW
EnableWindow
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxW
SendDlgItemMessageA
EnumWindows
LoadStringW
LoadStringA
EndDialog
SetForegroundWindow
SendMessageW
PostMessageA
SetWindowTextW
SetWindowLongA
GetWindowLongA
GetParent
DestroyWindow
SetDlgItemTextW
IsDlgButtonChecked
SetTimer
CheckDlgButton
KillTimer
DialogBoxParamW
SetWindowTextA
DialogBoxParamA
SetDlgItemTextA
MessageBoxA
LoadIconA

ntdll

RtlUnwind
strrchr
_itoa
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
NtQueryInformationProcess
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlUnicodeStringToAnsiString
_strcmpi
strncat
_strlwr
strstr
_strnicmp
sprintf
strchr
strncpy
_snprintf
_stricmp
strtoul
_snwprintf
wcscpy
wcslen
_chkstk

ole32

CoInitialize
CoUninitialize

msvcrt

__p__fmode
__p__commode
__set_app_type
_adjust_fdiv
__setusermatherr
_controlfp
getenv
_initterm
__getmainargs
_acmdln
malloc
free
_strdup
_vsnprintf
_vsnwprintf
strcspn
memmove
isdigit
swprintf
calloc
wcscmp
strspn
atol
strpbrk
_close
_lseek
_read
_open
mbstowcs
_ultoa
_wtoi64
_wcsicmp
strtok
wcstoul
exit
_itow
_c_exit
_exit
_XcptFilter
_cexit

advapi32

RegCreateKeyExA
QueryServiceStatus
CloseServiceHandle
GetServiceDisplayNameA
ControlService
SetFileSecurityA
RegRestoreKeyA
RegDeleteValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
StartServiceA
OpenSCManagerA
EnumDependentServicesA
RegQueryValueExW
GetLengthSid
GetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
DeregisterEventSource
ReportEventA
RegisterEventSourceA
AdjustTokenPrivileges
FreeSid
SetNamedSecurityInfoA
GetNamedSecurityInfoA
UnlockServiceDatabase
ChangeServiceConfigA
QueryServiceConfigA
LockServiceDatabase
GetFileSecurityA
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
AbortSystemShutdownA
InitiateSystemShutdownA
RegOpenKeyA
RegEnumKeyExA
RegQueryInfoKeyA
EnumServicesStatusExA
OpenServiceW
OpenServiceA

gdi32

GetObjectA
CreateFontIndirectA

shell32

SHGetSpecialFolderPathA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

GetModuleFileNameExA

userenv

ord119
ord138
ord121

rpcrt4

UuidFromStringA

imagehlp

EnumerateLoadedModules64

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2efba96d0bbd2ff7c3e760762f270f5a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

user32

ntdll

ole32

msvcrt

advapi32

gdi32

shell32

version

psapi

userenv

rpcrt4

imagehlp

Sections

.text Size: 150KB - Virtual size: 150KB

.data Size: 2KB - Virtual size: 395KB

.rsrc Size: 44KB - Virtual size: 43KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 150KB - Virtual size: 150KB

.data
Size: 2KB - Virtual size: 395KB

.rsrc
Size: 44KB - Virtual size: 43KB

UPX0
Size: 144KB - Virtual size: 380KB