2f375d2d3b77f2df93f1e932a91c4c64d414c73d61535d679cbc463c26e20a2e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f375d2d3b77f2df93f1e932a91c4c64d414c73d61535d679cbc463c26e20a2e
Size

259KB
MD5

53a9e8f62974a401e4fb359f7b5b3900
SHA1

acd4cd1430beaef71cc99fc194a8c5556b18e46c
SHA256

2f375d2d3b77f2df93f1e932a91c4c64d414c73d61535d679cbc463c26e20a2e
SHA512

5888f12ca332c5572bf95620e1656554a2e605d8ca49257bac39860f22a6ab4bb0f2d2bcdffed8bbcc4dca332bd2398f7c19062bc6db0b5f225adf9730e0aafd
SSDEEP

384:PMkyC7bblL+Os9RjzimixyYMQP1bJmG6y0:PM27vlLFsdQPPh6B

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

2f375d2d3b77f2df93f1e932a91c4c64d414c73d61535d679cbc463c26e20a2e
.exe windows x86

e87831275c0084942ea844941fd8343f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GlobalMemoryStatus
GetVersionExA
GetModuleHandleA
GetSystemDirectoryA
GetStartupInfoA
CopyFileA
GetLastError
lstrlenA
ExitThread
Sleep
GetCurrentProcessId
GetTickCount
HeapAlloc
GetProcessHeap
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA

advapi32

RegOpenKeyA
OpenServiceA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegCloseKey
CreateServiceA
StartServiceA
DeleteService
RegSetValueExA
CloseServiceHandle

comdlg32

GetFileTitleA

mfc42

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
printf
rand
srand
time
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_except_handler3
__CxxFrameHandler
strncmp
atoi
strstr
exit

user32

wsprintfA

ws2_32

WSASocketA

Sections

UPX0
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE