bf70ce663b521883d433339da310e845299b95ac37f4f755f70d11efb57ed4b2

Sharing

Copy URL

Twitter E-mail

General

Target

bf70ce663b521883d433339da310e845299b95ac37f4f755f70d11efb57ed4b2
Size

8.7MB
MD5

4a6b0c4388f847dcb56a0fdd1669132e
SHA1

b4c33469781977edf69d050a03ebe5e608a72065
SHA256

bf70ce663b521883d433339da310e845299b95ac37f4f755f70d11efb57ed4b2
SHA512

b25f39cd8252a195a1f71e9de293af8af4f30411bb68f91443c6d4409497edb564c4297cf733f98e492e2f86bb0a860c756bea597eed66969a099e1a80e01431
SSDEEP

196608:9ZkRoZurOTEdFHGbn7hM4yS33jD8hgj3/tLj1+7c3:9ZkAE/Hw7hAS33jDGgz/tt+Q3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf70ce663b521883d433339da310e845299b95ac37f4f755f70d11efb57ed4b2

Files

bf70ce663b521883d433339da310e845299b95ac37f4f755f70d11efb57ed4b2
.dll windows:6 windows x64 arch:x64

c18df1523174a0fccb885d06e3d08d82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

edcore

?set@?$Matrix@$03M@Math@@QEAAAEAV12@M@Z
?set@?$Matrix@$03N@Math@@QEAAAEAV12@N@Z
?set@?$Matrix@$02N@Math@@QEAAAEAV12@N@Z
?set@?$Matrix@$01N@Math@@QEAAAEAV12@N@Z
ed_vlogf
?set@?$Matrix@$02M@Math@@QEAAAEAV12@M@Z
?set@?$Matrix@$01M@Math@@QEAAAEAV12@M@Z
?fatal_out_of_memory@ed@@YAXPEBD_K@Z

world

?worldPluginManager@@3PEAVWorldPluginManager@@EA

worldgeneral

?globalHumanPlane@@3PEAVIwHumanPlane@@EA
?get_cells_properties@Aircraft_Descriptor@@QEBAPEBUcells_properties@@H@Z

fmbase

?setQuaternion@DynamicBody@EagleFM@@QEAAXAEBU?$Rotation3@M@Math@@@Z
?setPosition@DynamicBody@EagleFM@@QEAAXAEBV?$Vector@$02N@Math@@@Z
?setVelocity@DynamicBody@EagleFM@@QEAAXAEBV?$Vector@$02N@Math@@@Z
?setRotateSpeed@DynamicBody@EagleFM@@QEAAXAEBV?$Vector@$02N@Math@@@Z
?setAcceleration@DynamicBody@EagleFM@@QEAAXAEBV?$Vector@$02N@Math@@@Z
?setRotAcceleration@DynamicBody@EagleFM@@QEAAXAEBV?$Vector@$02N@Math@@@Z
??1DynamicBody@EagleFM@@UEAA@XZ
??0DynamicBody@EagleFM@@QEAA@N@Z
?init@DynamicBody@EagleFM@@QEAAXAEBUDynamicState@2@@Z
?addForce_lw@DynamicBody@EagleFM@@QEAAXAEBV?$Vector@$02N@Math@@0@Z
?addMoment_l@DynamicBody@EagleFM@@QEAAXAEBV?$Vector@$02N@Math@@@Z
?changeMass__MassPos_l__MOI_l@DynamicBody@EagleFM@@QEAAXNAEBV?$Vector@$02N@Math@@0@Z

cockpitbase

ed_cockpit_set_draw_argument
ed_cockpit_set_external_draw_argument
?contexts_ptr@ccCockpitContext@cockpit@@0PAPEAV12@A

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?uncaught_exceptions@std@@YAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
_purecall
__current_exception
__current_exception_context
__C_specific_handler
memset
_CxxThrowException
__std_type_info_destroy_list
__std_terminate
__std_exception_destroy
memcpy
memmove

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initterm_e
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_invalid_parameter_noinfo_noreturn

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
RtlCaptureContext
IsDebuggerPresent
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentThreadId
InitializeSListHead
GetSystemTimeAsFileTime
GetModuleHandleA
GetProcAddress
ExitProcess
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

api-ms-win-crt-math-l1-1-0

ceilf
atan
asin
cos
pow
sin
sqrt
tan

Exports

Exports

?GetDebugForces@CE2_FM@@YAPEAV?$array@UForce@CE2_FM@@$0N@@std@@XZ
?GetDebugStream@CE2_FM@@YAPEAV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Reset@Autopilot@CE2_FM@@YAXXZ
?SetAltitudeHoldMode@Autopilot@CE2_FM@@YAXXZ
?SetAttitudeHoldMode@Autopilot@CE2_FM@@YAXXZ
?get_data@CE2_FM@@YAPEAVAircraftData@Svi_podaci@@XZ
BagamiasPulaNMata
ed_fm_add_global_force
ed_fm_add_global_moment
ed_fm_add_local_force
ed_fm_add_local_moment
ed_fm_change_mass
ed_fm_cold_start
ed_fm_configure
ed_fm_debug_watch
ed_fm_enable_debug_info
ed_fm_get_external_fuel
ed_fm_get_internal_fuel
ed_fm_get_param
ed_fm_get_shake_amplitude
ed_fm_hot_start
ed_fm_hot_start_in_air
ed_fm_need_to_be_repaired
ed_fm_on_damage
ed_fm_on_planned_failure
ed_fm_pop_simulation_event
ed_fm_release
ed_fm_repair
ed_fm_set_atmosphere
ed_fm_set_command
ed_fm_set_current_mass_state
ed_fm_set_current_state
ed_fm_set_current_state_body_axis
ed_fm_set_draw_args
ed_fm_set_easy_flight
ed_fm_set_external_fuel
ed_fm_set_fc3_cockpit_draw_args
ed_fm_set_immortal
ed_fm_set_internal_fuel
ed_fm_set_property_numeric
ed_fm_set_property_string
ed_fm_simulate
ed_fm_unlimited_fuel

Sections

.text
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX2
Size: - Virtual size: 438B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX3
Size: - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX4
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX5
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX6
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c18df1523174a0fccb885d06e3d08d82

Headers

DLL Characteristics

File Characteristics

Imports

edcore

world

worldgeneral

fmbase

cockpitbase

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 146KB

.rdata Size: - Virtual size: 64KB

.data Size: - Virtual size: 5KB

.pdata Size: - Virtual size: 5KB

.UPX0 Size: - Virtual size: 480B

.UPX1 Size: - Virtual size: 3KB

.UPX2 Size: - Virtual size: 438B

.UPX3 Size: - Virtual size: 630B

.UPX4 Size: - Virtual size: 4.9MB

.UPX5 Size: 3KB - Virtual size: 2KB

.UPX6 Size: 8.7MB - Virtual size: 8.7MB

.reloc Size: 512B - Virtual size: 280B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 146KB

.rdata
Size: - Virtual size: 64KB

.data
Size: - Virtual size: 5KB

.pdata
Size: - Virtual size: 5KB

.UPX0
Size: - Virtual size: 480B

.UPX1
Size: - Virtual size: 3KB

.UPX2
Size: - Virtual size: 438B

.UPX3
Size: - Virtual size: 630B

.UPX4
Size: - Virtual size: 4.9MB

.UPX5
Size: 3KB - Virtual size: 2KB

.UPX6
Size: 8.7MB - Virtual size: 8.7MB

.reloc
Size: 512B - Virtual size: 280B

.rsrc
Size: 512B - Virtual size: 469B