1[.]exe | Triage

General

Target

1.exe
Size

204KB
MD5

21a05f8f6f5402757c74e0c4b7e40786
SHA1

1e9d519b601b39dc76a8e0a2da50c6ba6978d58d
SHA256

1318f8a4566a50537f579d24fd1aabcf7e22e89bc75ffd13b3088fc6e80e9a2a
SHA512

e3352cca7728fea90a0be4c4326aa42e684dda66f16d3c0c91f92464b6aa2fda0c9385d4ec6b21d18073a127b8f1cf0d071151675e7fd47154198bf1bddc9e58
SSDEEP

1536:dvKSz7JSYOTcZ4+Ir2cJI6A4fS58yqiwUxkOceFgX+22UdF2yIj6+OYuBf5lfEDX:0oJSOQr2caLXEQxZcGgX52SpjVsuWtR

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

1.exe
.exe windows x86

489a2424d7a14a26bfcfb006de3cd226

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
VirtualAllocEx
GetACP
GetEnvironmentStringsW
GetOEMCP
GetTickCount
CreateEventA
GetProcAddress
GetCommandLineA
LoadLibraryW
GetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
GetProcessHeap
InterlockedIncrement
lstrlenA
GetVersionExA
GetVersionExW
GetModuleHandleA
CompareStringW
CompareStringA
LCMapStringW
GetStartupInfoW
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetModuleFileNameA
SetFilePointer
InterlockedDecrement
WideCharToMultiByte
InitializeCriticalSection
FatalAppExitA
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
LoadLibraryA
SetStdHandle
Sleep
FlushFileBuffers
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CloseHandle
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetLocaleInfoW
LCMapStringA
SetEnvironmentVariableA

user32

LoadCursorFromFileA
CharUpperW

Sections

UPX0
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

489a2424d7a14a26bfcfb006de3cd226

Headers

File Characteristics

Imports

kernel32

user32

Sections

UPX0 Size: 60KB - Virtual size: 60KB

UPX1 Size: 68KB - Virtual size: 68KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 60KB - Virtual size: 60KB

UPX1
Size: 68KB - Virtual size: 68KB

UPX2
Size: 72KB - Virtual size: 72KB