alternative v3[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

alternative v3.rar
Size

308KB
MD5

9f6ab7ddf403a3c8e9d85266c0c29633
SHA1

64584ff4a9d16bfb5faa1f8a078b5e5c0f212bf8
SHA256

93a83646005dd03fc1f48b80305965cb4a92a6ebdcf8f1236887eb4486a822f5
SHA512

d0b8302740f7983d6a256d1c8010cf2f66969654e69bcabbcd8ff8f35a654470bbca1ff2ebcfd5539d87a2cf26095336f29c28e0c0e83e2da103b02ebb53645f
SSDEEP

6144:Nam1Vuzv5qXJEwwyFtMNGSGFSJzZtG9shLAAfpLVNyeXl/lJ6:NMumwwyFtRSG4zZtG92JfnMY9J6

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/alternative v3/alternative.hl.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/alternative v3/alternative.dll
unpack001/alternative v3/alternative.hl.exe
unpack002/out.upx

Files

alternative v3.rar
.rar
alternative v3/alternative.dll
.dll windows:6 windows x86 arch:x86

eeaa77710affd175cc9839e91342d393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\cheat's\AlNa\Новая папка\Release\AlterNative.pdb

Imports

kernel32

GetPrivateProfileStringA
lstrlenA
lstrcpynA
lstrcmpA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcpyA
Sleep
DisableThreadLibraryCalls
CreateThread
CreateDirectoryA
IsBadReadPtr
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
VirtualProtect
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
SetLastError
WritePrivateProfileStringA
FlushInstructionCache
GetTickCount

user32

SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetClientRect
SetCursor
SetCapture
ClientToScreen
GetCapture
GetActiveWindow
ScreenToClient
LoadCursorA
GetKeyState
FindWindowA
CallWindowProcA
SetWindowLongA
MessageBoxA
ReleaseCapture

shell32

SHGetFolderPathA
ShellExecuteA

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
_File_size
_Unlink
_Remove_dir
_To_wide
_Close_dir
_Open_dir
_Lstat
_Read_dir
_Stat
_To_byte
?_Xinvalid_argument@std@@YAXPBD@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z

opengl32

glPopMatrix
glViewport
glEnableClientState
glPopAttrib
glPolygonMode
glBindTexture
glGenTextures
glVertexPointer
glEnable
glScissor
glDisableClientState
glMatrixMode
glBlendFunc
glLoadIdentity
glTexParameteri
glTexCoordPointer
glTexImage2D
glColorPointer
glDrawElements
glDisable
glPushMatrix
glPixelStorei
glOrtho
glPushAttrib
glGetIntegerv
glDepthRange
glLineWidth
glClearColor
glTexEnvi
glGetFloatv
glDepthFunc

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

vcruntime140

strstr
__CxxFrameHandler3
memmove
__std_terminate
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__vcrt_InitializeCriticalSectionEx
memcpy
__std_exception_destroy
memset
_purecall
__std_type_info_compare
memchr
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_errno
terminate
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_wassert

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

_libm_sse2_log10_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_cos_precise
_dtest
roundf
_except1
ceil
_libm_sse2_atan_precise
_fdtest
_libm_sse2_acos_precise
_CIfmod
floor
_libm_sse2_tan_precise
_CIatan2

api-ms-win-crt-convert-l1-1-0

atof
atoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fputc
fflush
__stdio_common_vsscanf
_wfopen
fclose
fgetc
__stdio_common_vfprintf
fseek
fread
ftell
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vsprintf
fwrite

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_access

api-ms-win-crt-string-l1-1-0

strncpy
isprint
isspace
_stricmp
isalpha
toupper

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

_ReflectiveLoader@4

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
alternative v3/alternative.hl.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
alternative v3/injmthd.ini

Sharing

General

Malware Config

Signatures

Files

eeaa77710affd175cc9839e91342d393

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

msvcp140

opengl32

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 379KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 6KB - Virtual size: 423KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 24KB - Virtual size: 23KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 196KB

UPX1 Size: 10KB - Virtual size: 12KB

.rsrc Size: 168KB - Virtual size: 168KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 168KB - Virtual size: 167KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 380KB - Virtual size: 379KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 6KB - Virtual size: 423KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 24KB - Virtual size: 23KB

UPX0
Size: - Virtual size: 196KB

UPX1
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 168KB - Virtual size: 168KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 168KB - Virtual size: 167KB

.reloc
Size: 2KB - Virtual size: 1KB