bf39dab861ba7f58b7569283011ea18fa81a4f0956a349e158a306434c5ee449 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf39dab861ba7f58b7569283011ea18fa81a4f0956a349e158a306434c5ee449
Size

120KB
MD5

671345f23591db7aae9816d85a247000
SHA1

3ceb82875669d17873c6b03ac53658af8b5f5568
SHA256

bf39dab861ba7f58b7569283011ea18fa81a4f0956a349e158a306434c5ee449
SHA512

c6cbaf52754602a9f5929a31af1bc5299d514b469747517ef8276dc3e2cee802d3581ce431e05935e56451151c93cad78f6cbd73dd8561b0ee2dc409bd503f4e
SSDEEP

1536:NCyibbbt2Sa9IHVFQsJO+CD/YAinM0/yX9Ev:NCzbt/bLu+CUO/Xev

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

bf39dab861ba7f58b7569283011ea18fa81a4f0956a349e158a306434c5ee449
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?ExtractServices@@YAHPAD@Z
?InitSQLConnectOff@@YAHPAD@Z
InitSQLConnect
SQLAlloc
SQLClose
SQLExecute
SQLFree
SQLQuery
Uninstall

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE