a4bc4e89d4a7f00d75ba1451069e4d562ac526f9beb814bb464a53cfa1cd4f61

Sharing

Copy URL Twitter E-mail

General

Target

a4bc4e89d4a7f00d75ba1451069e4d562ac526f9beb814bb464a53cfa1cd4f61
Size

803KB
MD5

456a08a35e9693db2390990054a82a35
SHA1

7b639c3d59be9004d68173a5f80a55054a2a7890
SHA256

a4bc4e89d4a7f00d75ba1451069e4d562ac526f9beb814bb464a53cfa1cd4f61
SHA512

5718cd24ab5f44dcd71bf2bb80b69d9364b3bca9ba44731091852e7427cbaf719574f1539fb2075f3ab1a222fbdbd14930f7432317a21db5facee7db2b7ee7a1
SSDEEP

24576:nDAo5NgVrVeuNJZn9cyn/wDvxfLUY3ur:BCVeA9xYxAFr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4bc4e89d4a7f00d75ba1451069e4d562ac526f9beb814bb464a53cfa1cd4f61

Files

a4bc4e89d4a7f00d75ba1451069e4d562ac526f9beb814bb464a53cfa1cd4f61
.dll windows:5 windows x86 arch:x86

61ad7b1dcf6d8517124f478864771a88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
ReleaseDC
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadStringA
LoadIconA
GetSystemMetrics
GetSysColor
GetDC
CharNextA
CharToOemA
MessageBoxW
CharUpperBuffW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
WaitForSingleObject
VirtualQuery
VirtualProtect
SetFilePointer
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
MulDiv
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FlushInstructionCache
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

gdi32

UnrealizeObject
SetTextColor
SetROP2
SetBkMode
SetBkColor
SelectPalette
SelectObject
MoveToEx
GetTextMetricsA
GetSystemPaletteEntries
GetStockObject
GetDeviceCaps
GetCurrentPositionEx
DeleteObject
DeleteDC
CreatePenIndirect
CreatePalette
CreateFontIndirectA
CreateBrushIndirect

Exports

Exports

Init
UnInit

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 90B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 615KB - Virtual size: 615KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61ad7b1dcf6d8517124f478864771a88

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

Exports

Exports

Sections

.text Size: 98KB - Virtual size: 98KB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 5KB

.bss Size: - Virtual size: 19KB

.idata Size: 4KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 90B

UPX0 Size: 615KB - Virtual size: 615KB

UPX1 Size: 51KB - Virtual size: 51KB

.reloc Size: 13KB - Virtual size: 13KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 98KB - Virtual size: 98KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 5KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 90B

UPX0
Size: 615KB - Virtual size: 615KB

UPX1
Size: 51KB - Virtual size: 51KB

.reloc
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 10KB - Virtual size: 10KB