fb3aceff116aed3bfe007298b5f95b4fe97726b446fe95bb2abaa9659cf08313 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb3aceff116aed3bfe007298b5f95b4fe97726b446fe95bb2abaa9659cf08313
Size

160KB
MD5

6b3e6a88cf2196600bd6d6487893d9a0
SHA1

145a192efc9d8f0aba35a49217d34112c59549b1
SHA256

fb3aceff116aed3bfe007298b5f95b4fe97726b446fe95bb2abaa9659cf08313
SHA512

7ee22029173a4e7c605f701a3e47b3592d5ca9b6db6e05572d759ab99a7e0a81f0995c837d0168bf9109ca2db205d17f4849bfc5bfd58b4bca9da47f8d48dc7f
SSDEEP

3072:isJTLQwGo2e0FCYQwBAMv/2eRUSrJXHh0rQ75o9IX:isCwQePY/BJ/8StBj769M

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

fb3aceff116aed3bfe007298b5f95b4fe97726b446fe95bb2abaa9659cf08313
.exe windows x86

5e933cce7a1fd2b84f6aa790cd6799d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapFree
RtlUnwind
GetCommandLineA
GetVersion
GetLastError
CloseHandle
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
CreateFileA
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
SetEndOfFile
FlushFileBuffers
SetUnhandledExceptionFilter
MultiByteToWideChar
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE