2b2152e7ba5f541c98c51c12501bf19fbbddc36046f193b4167d50ce06c59011

Sharing

Copy URL Twitter E-mail

General

Target

2b2152e7ba5f541c98c51c12501bf19fbbddc36046f193b4167d50ce06c59011
Size

749KB
MD5

5b39bf0068c03059fe264de19950693a
SHA1

fd6d52a272248f9c1d65a925ed23b6d429cf3ff2
SHA256

2b2152e7ba5f541c98c51c12501bf19fbbddc36046f193b4167d50ce06c59011
SHA512

d0e59e1502d26ce9314c9968b7c17f51bdb37f341369690fc0c0388a9ba165100f14ad7003d155a1af4feb1a74db78765def89f77b1f10485664f60c256f2d6e
SSDEEP

12288:he2GHsoBfTv9VNzscu3shluP51sxQHRDiJM0S0s5J0jPSuenzjOHpU:hYBBf5bsLqleoGDiJM4AruezYpU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Software_attribute_replicator-main/ico_sacker.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Software_attribute_replicator-main/cert_temp.cer
unpack001/Software_attribute_replicator-main/ico_sacker.exe
unpack002/out.upx
unpack001/Software_attribute_replicator-main/info_sacker.exe

Files

2b2152e7ba5f541c98c51c12501bf19fbbddc36046f193b4167d50ce06c59011
.zip
Software_attribute_replicator-main/LICENSE
Software_attribute_replicator-main/README.md
Software_attribute_replicator-main/cert_temp.cer
.exe windows:10 windows x64 arch:x64

25bd8cfe71808f06ece80231211e68cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

helppane.pdb

Imports

advapi32

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
UnregisterTraceGuids
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegGetValueW
EqualSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetSidLengthRequired
InitializeSid
IsValidSid
GetSidSubAuthority
GetLengthSid
CopySid
SetEntriesInAclW

kernel32

LocalFree
CloseHandle
GetLastError
WaitForSingleObject
SetEvent
GetQueuedCompletionStatus
ResetEvent
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
CreateEventW
ProcessIdToSessionId
GetCurrentProcessId
GetExitCodeThread
TerminateThread
LoadLibraryExW
lstrcmpiW
CreateMutexW
GetSystemDirectoryW
SetCurrentDirectoryW
HeapSetInformation
ReleaseMutex
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
FormatMessageW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
LockResource
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
CreateThreadpoolTimer
GetFileAttributesW
InitOnceComplete
InitOnceBeginInitialize
GetPackagesByPackageFamily
GetCurrentThread
CompareStringW
CreateMutexExW
CreateSemaphoreExW
CreateThread
ResumeThread
MulDiv
WaitForMultipleObjects
GetCurrentProcess
LocalAlloc
GlobalFree
GlobalAlloc
GetVersionExW
MultiByteToWideChar
LoadLibraryW
FreeLibrary
RaiseException
GetCurrentThreadId
SetLastError
GetModuleFileNameW
InitializeCriticalSection
ExpandEnvironmentStringsW
FindResourceExW
OutputDebugStringW
GetProcAddress
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadResource
DelayLoadFailureHook
ResolveDelayLoadedAPI
SizeofResource
ReleaseSemaphore

gdi32

GetTextExtentPoint32W
SelectObject
GetDeviceCaps
GetStockObject
CreateFontIndirectW
GetObjectW
SetTextColor
SetBkMode
DeleteObject

user32

IsIconic
GetWindowPlacement
MonitorFromRect
GetMonitorInfoW
GetWindowRect
MonitorFromPoint
GetProcessDefaultLayout
GetDC
ReleaseDC
ShowWindow
GetDlgItem
CheckDlgButton
IsDlgButtonChecked
EnableWindow
EndDialog
BringWindowToTop
SetDlgItemTextW
GetDlgItemTextW
UnregisterClassA
SetCursor
LockWindowUpdate
PostQuitMessage
LoadCursorW
SystemParametersInfoW
DestroyIcon
GetSystemMetrics
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
CharNextW
PostMessageW
KillTimer
SetTimer
MessageBoxW
SetActiveWindow
GetKeyState
SetWindowTextW
DestroyMenu
DialogBoxParamW
TrackPopupMenuEx
ClientToScreen
EnableMenuItem
CheckMenuRadioItem
InvalidateRect
GetParent
LoadMenuW
GetSubMenu
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
RegisterClassExW
GetClassInfoExW
DefWindowProcW
CreateWindowExW
SetFocus
IsWindowVisible
IsWindowEnabled
MoveWindow
AdjustWindowRectEx
GetMenu
GetWindowLongW
SetWindowPos
GetSysColorBrush
GetSysColor
IsZoomed
GetClientRect
SendMessageW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm

api-ms-win-crt-private-l1-1-0

_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__cexit
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wtoi
_o_abort
_o_calloc
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
wcschr
wcsstr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
memmove

comctl32

ord344
ord380
ImageList_LoadImageW
InitCommonControlsEx
ord345
ImageList_Destroy

ole32

CoUninitialize
CoTaskMemAlloc
CoGetMalloc
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
OleInitialize
CoInitializeSecurity
PropVariantClear
CoResumeClassObjects
CoRevokeClassObject
OleUninitialize
CoImpersonateClient
CoCreateInstance
CoRevertToSelf
CoRegisterClassObject

oleaut32

DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
LoadTypeLibEx
VarBstrCat
SetErrorInfo
GetErrorInfo
VariantCopy

shell32

ShellExecuteW
SHGetPropertyStoreForWindow

shlwapi

ord2
SHStrDupW
SHRegGetValueW
ord176
SHGetValueW
UrlUnescapeW
UrlEscapeW

ntdll

NtQueryInformationToken
NtOpenProcessToken
NtOpenThreadToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtClose

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
HeapSize

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
FlushInstructionCache
GetProcessMitigationPolicy

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetStartupInfoW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
OpenEventW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

FreeSid
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-localization-l1-2-0

GetUserPreferredUILanguages

Sections

.text
Size: 380KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Software_attribute_replicator-main/favicon.ico
Software_attribute_replicator-main/ico_sacker.cfg
Software_attribute_replicator-main/ico_sacker.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Software_attribute_replicator-main/info_sacker.exe
.exe windows:5 windows x64 arch:x64

02eb6c917f376ad581f4e045e3c6628a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\rcedit\Default\rcedit.pdb

Imports

kernel32

DecodePointer
FreeResource
LockResource
FreeLibrary
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
ReadFile
SetFilePointer
CloseHandle
LoadLibraryExW
FindResourceW
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
OutputDebugStringW
SetEndOfFile
ReadConsoleW
GetCurrentDirectoryW
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetFullPathNameW
GetFullPathNameA
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
GetDriveTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringA
CreateThread
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetCurrentDirectoryW
RtlUnwind

user32

UnregisterClassW

Sections

.text
Size: 962KB - Virtual size: 961KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Software_attribute_replicator-main/ui.py

Sharing

General

Malware Config

Signatures

Files

25bd8cfe71808f06ece80231211e68cb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

comctl32

ole32

oleaut32

shell32

shlwapi

ntdll

api-ms-win-core-path-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-localization-l1-2-0

Sections

.text Size: 380KB - Virtual size: 376KB

.rdata Size: 120KB - Virtual size: 118KB

.data Size: 16KB - Virtual size: 19KB

.pdata Size: 16KB - Virtual size: 15KB

.didat Size: 4KB - Virtual size: 112B

.rsrc Size: 524KB - Virtual size: 523KB

.reloc Size: 4KB - Virtual size: 2KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 44KB

UPX1 Size: 21KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 11KB - Virtual size: 10KB

02eb6c917f376ad581f4e045e3c6628a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 962KB - Virtual size: 961KB

.rdata Size: 243KB - Virtual size: 242KB

.data Size: 11KB - Virtual size: 21KB

.pdata Size: 42KB - Virtual size: 42KB

.idata Size: 5KB - Virtual size: 5KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 416KB - Virtual size: 415KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 380KB - Virtual size: 376KB

.rdata
Size: 120KB - Virtual size: 118KB

.data
Size: 16KB - Virtual size: 19KB

.pdata
Size: 16KB - Virtual size: 15KB

.didat
Size: 4KB - Virtual size: 112B

.rsrc
Size: 524KB - Virtual size: 523KB

.reloc
Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 11KB - Virtual size: 10KB

.text
Size: 962KB - Virtual size: 961KB

.rdata
Size: 243KB - Virtual size: 242KB

.data
Size: 11KB - Virtual size: 21KB

.pdata
Size: 42KB - Virtual size: 42KB

.idata
Size: 5KB - Virtual size: 5KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 416KB - Virtual size: 415KB

.reloc
Size: 9KB - Virtual size: 9KB