launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

launcher.exe
Size

9.6MB
MD5

416a2f5965db0ee812c7053331b96e57
SHA1

86af2acbb588d4d5b950e56fc58837c271d0100b
SHA256

739facec125796b99bd7a29a9773e58ed4b7b086fcd81ebd6337567c344bd6b6
SHA512

3ee0596bbd65df721a5ccd1773f9e526bc6422bbe57e9508292409a716b718405a23441f042352625e2b224749f3ffa61d248f2d00fa5ea3eb294268ff933468
SSDEEP

196608:eghWTfvzNCAHwQmZJLSQ2y/VBMLihiTIvApLkZPeAR4I5gdJexgwEAHl/93n8Nj1:mTx/sS4/cLi0LpLyeA2I5gdJnAHl/58N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
launcher.exe

Files

launcher.exe
.exe windows:6 windows x64 arch:x64

5e66f7c9f0460ebe32f5552673d9d37e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
AreFileApisANSI
CloseHandle
CloseThreadpoolWork
CompareStringW
ConvertFiberToThread
ConvertThreadToFiber
CreateDirectoryW
CreateFiber
CreateFileW
CreateThread
CreateThreadpoolWork
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFiber
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
InitOnceBeginInitialize
InitOnceComplete
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenThread
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResumeThread
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadContext
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SubmitThreadpoolWork
SuspendThread
SwitchToFiber
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

cfgmgr32

CM_Get_DevNode_PropertyW
CM_Locate_DevNodeW

iphlpapi

GetAdaptersInfo
GetIpNetTable
SendARP

d3d9

Direct3DCreate9

ole32

StringFromGUID2

hid

HidD_GetHidGuid
HidD_GetManufacturerString
HidD_GetProductString
HidD_GetSerialNumberString

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo
getprotobyname
htons
inet_pton
ntohl
recv
send
sendto
shutdown
socket

urlmon

URLDownloadToFileW

netapi32

NetApiBufferFree
NetUserEnum

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
RegisterEventSourceW
ReportEventW

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 826KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e66f7c9f0460ebe32f5552673d9d37e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cfgmgr32

iphlpapi

d3d9

ole32

hid

setupapi

ws2_32

urlmon

netapi32

ntdll

advapi32

user32

crypt32

bcrypt

Sections

.text Size: - Virtual size: 13.1MB

.rdata Size: - Virtual size: 826KB

.data Size: - Virtual size: 538KB

.pdata Size: - Virtual size: 90KB

.shared Size: 512B - Virtual size: 1B

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 9.2MB - Virtual size: 9.2MB

.rsrc Size: 365KB - Virtual size: 364KB

.text
Size: - Virtual size: 13.1MB

.rdata
Size: - Virtual size: 826KB

.data
Size: - Virtual size: 538KB

.pdata
Size: - Virtual size: 90KB

.shared
Size: 512B - Virtual size: 1B

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 9.2MB - Virtual size: 9.2MB

.rsrc
Size: 365KB - Virtual size: 364KB