c6be6799b833b319329560142cea34baae5691543f1c2a01a91982e6515a1a8f

Sharing

Copy URL

Twitter E-mail

General

Target

c6be6799b833b319329560142cea34baae5691543f1c2a01a91982e6515a1a8f
Size

3.7MB
MD5

2dd39ae069e07bb15df5c75342f29b5f
SHA1

4d7c6fc39978d0e3c929841e8480aa9c93ea5995
SHA256

c6be6799b833b319329560142cea34baae5691543f1c2a01a91982e6515a1a8f
SHA512

ebba2070eae04671f6712617942565fbedd6812f15bfe1bbaa4b3d4305891aa5942c77e7313e6abeacc088804f5b76f9833f4a9a34f7af28fb2ac179ec7d476a
SSDEEP

49152:6LozW+UTKv3T4lizLdg8WCwz95NdJ8vuafMk7BorFLLKkRXqrLFp6oe3s9RSdtls:6LH+3ZzLdg9Km8B2t/XwFsdtlgIy

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
c6be6799b833b319329560142cea34baae5691543f1c2a01a91982e6515a1a8f

Files

c6be6799b833b319329560142cea34baae5691543f1c2a01a91982e6515a1a8f
.dll windows:4 windows x86 arch:x86

24dbc0e6cd6d23841016ff9aca8d4f74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
WriteFile
lstrlenA
GetModuleFileNameA
GetSystemInfo
FindClose
FindFirstFileA
lstrcpyA
LoadLibraryExA
lstrcpynA
GetSystemTime
GetLocalTime
ReadFile
SetFilePointer
GetFileSize
SizeofResource
LockResource
LoadResource
FindResourceA
GetVersion
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemDirectoryA
LocalFree
GlobalUnlock
LocalLock
GlobalAlloc
DeviceIoControl
ReleaseSemaphore
CreateSemaphoreA
GetPrivateProfileStringA
IsBadReadPtr
GetCurrentProcess
VirtualProtectEx
VirtualAlloc
VirtualFree
GetVersionExA
lstrcatA
FreeLibrary
GetCurrentProcessId
OpenProcess
TerminateProcess
LoadLibraryA
CreateFileA
GetLastError
GetProcAddress
GetModuleHandleA
GetTickCount
CloseHandle
QueryPerformanceCounter
GlobalMemoryStatus
GetStdHandle
GetFileType
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
SetCursor
GetDesktopWindow
wsprintfA
LoadCursorA
MessageBoxW

advapi32

RegOpenKeyExA
ReportEventA
DeregisterEventSource
RegEnumKeyExA
RegCloseKey
RegisterEventSourceA

netapi32

Netbios

msvcrt

_strnicmp
free
malloc
_except_handler3
atol
fclose
fread
fopen
_ltoa
_stricmp
_pctype
__mb_cur_max
_isctype
realloc
memchr
fwrite
fflush
_setmode
ftell
fseek
fgets
abort
wcsstr
_vsnprintf
vfprintf
_iob
strcmp
qsort
fprintf
_initterm
_adjust_fdiv
mktime
localtime
__CxxFrameHandler
time
srand
rand
??2@YAPAXI@Z
strrchr
??3@YAXPAX@Z
_fileno
memmove

Exports

Exports

FxDecryptFile
FxGetFileHeader

Sections

.text
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 980KB - Virtual size: 977KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 852KB - Virtual size: 893KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 960KB - Virtual size: 958KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 628KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24dbc0e6cd6d23841016ff9aca8d4f74

Headers

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

msvcrt

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 292KB

.rdata Size: 980KB - Virtual size: 977KB

.data Size: 852KB - Virtual size: 893KB

.UPX0 Size: 28KB - Virtual size: 26KB

.UPX1 Size: 960KB - Virtual size: 958KB

.tls Size: 4KB - Virtual size: 24B

.UPX2 Size: 44KB - Virtual size: 43KB

.rsrc Size: 628KB - Virtual size: 625KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 296KB - Virtual size: 292KB

.rdata
Size: 980KB - Virtual size: 977KB

.data
Size: 852KB - Virtual size: 893KB

.UPX0
Size: 28KB - Virtual size: 26KB

.UPX1
Size: 960KB - Virtual size: 958KB

.tls
Size: 4KB - Virtual size: 24B

.UPX2
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 628KB - Virtual size: 625KB

.reloc
Size: 20KB - Virtual size: 16KB