5835064df41847d888282b9f9674a95348bc5a342a49902797f2d2e1988d052d | Triage

Sharing

General

Target

5835064df41847d888282b9f9674a95348bc5a342a49902797f2d2e1988d052d
Size

25KB
MD5

52f89f3f4ab4a0dc32e9a9c777f1ebe0
SHA1

98fcbefc36ad9978524dcbd8db028fe18c26f998
SHA256

5835064df41847d888282b9f9674a95348bc5a342a49902797f2d2e1988d052d
SHA512

8fe01b3e9f0806fc490a76cb04cd85db262a540013319d5f45e7dd96be110f08b6ddb82eb23d322c268917fe3ee5ebf48c9ec0cf2f19d1fbb8f3cc6b8e731d19
SSDEEP

192:H6Xecw0JKLh0RczPJ6uiVtpwZPEyncjWO9SwOGgxDUv1K+:aXecwr3mVtStn2SJ/UdK+

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

5835064df41847d888282b9f9674a95348bc5a342a49902797f2d2e1988d052d
.exe windows x86

20abfdeaecdd331db776ab401fc6977a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
GetModuleHandleA
GetSystemTimeAsFileTime
LoadResource
ExitProcess
SizeofResource
WriteFile
lstrcatA
lstrcpyA
CreateFileA
CreateDirectoryA
LockResource
CloseHandle

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteA

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE