35f66b9683f15ca3436a711ee1f616ff670401afa886dacc3980af442b0c1f8e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35f66b9683f15ca3436a711ee1f616ff670401afa886dacc3980af442b0c1f8e
Size

30KB
MD5

71fb40563ed474b28f241ecfaafce837
SHA1

93fa6e985c9ce777192880ca21f302e6b601c3f3
SHA256

35f66b9683f15ca3436a711ee1f616ff670401afa886dacc3980af442b0c1f8e
SHA512

4b40897ae2ce1de1848e9466eec5623a05dcb786b502ce93685680b1f0fd72aab36098350ff9667f576b576a1c66a6ffd46610b1beb2a974e89f9a2e643a43fe
SSDEEP

768:5pt1/YR13HAzaQhvb/uyzi/GNC4NodbZKNYwMapKed:Da3rQ9C7fKrMs1

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

35f66b9683f15ca3436a711ee1f616ff670401afa886dacc3980af442b0c1f8e
.exe windows x86

29a21b15aeffab15610e996622898014

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetStartupInfoA
CloseHandle
ReadFile
SetFilePointer
GetProcessId
CreateFileA
ExitProcess
Sleep
GetLastError
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualAlloc
VirtualProtect
VirtualFree
GetCommandLineA
LoadLibraryA
IsBadReadPtr
lstrcmpiA
HeapFree
GetProcessHeap
FreeLibrary
HeapAlloc
GetModuleHandleA
HeapReAlloc
WriteFile
GetStdHandle

shlwapi

StrStrA

user32

wvsprintfA

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE