3df50a06f7709e466e2254f0044fa32e4f435bd4b1eda0d92104fc58555cabda | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3df50a06f7709e466e2254f0044fa32e4f435bd4b1eda0d92104fc58555cabda
Size

886KB
MD5

04f74642146eeb07cdc87058e3877d6b
SHA1

f3ff88d42ff303666473c0856c85e8f7a1924261
SHA256

3df50a06f7709e466e2254f0044fa32e4f435bd4b1eda0d92104fc58555cabda
SHA512

dea3d3ed9a863cd6b58d2bd7624a32505eef47cbcf36432ef0d59443b96ab892ad1e781fa5bbf88677a57beaf15fe391e8cc3e40166241ed86c44446f59fb636
SSDEEP

12288:02cjEJnk5y6/FOD1ho6zWD07N0RoG5XS6SarFLhzFAkNoDF/UE5Vm1k2mrXVsw:0pjEJ5cO5h/7N0RtpfFAkNkFzCmjVsw

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

3df50a06f7709e466e2254f0044fa32e4f435bd4b1eda0d92104fc58555cabda
.exe windows x86

9c8decf3582072f6edfc385a689f44f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
DeleteFileA
ExitProcess
FreeLibrary
GetCommandLineA
GetFileTime
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryA
lstrcatA
lstrcmpiA
RemoveDirectoryA
SetFileTime
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 690KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE