0765685b1239ef54a5af8e8e4de2739d18900ff226f456046def0e42a66ef8b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0765685b1239ef54a5af8e8e4de2739d18900ff226f456046def0e42a66ef8b9
Size

279KB
MD5

574cbe69ce869dc95a858bc170e0797a
SHA1

38f07c627dba34644dde52122d4b351f5492b18e
SHA256

0765685b1239ef54a5af8e8e4de2739d18900ff226f456046def0e42a66ef8b9
SHA512

cb9dd0e18bc17cbf91b9e5b62b781f4f3341b033ff3b645026be1217316885d169ce5c4d38892dec71249f488b6ddafb7f5de136c9479acc28bb1ec381395c0c
SSDEEP

6144:XyaYXwtKDfwkBYK5Tz77uCYXilJbg5O5/9W:XIlJYK5/7+XST5l

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

0765685b1239ef54a5af8e8e4de2739d18900ff226f456046def0e42a66ef8b9
.exe windows x86

f8e53dc3e8bd48fea89fab108073f4f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oravppdc

vppsclose
vppgetparam
vppnls_atoi
vpprealloc
vppdirfree
vppdirget
vppfilerew
vppalloc
vppfilereorg
vppfilerf_size
vppfilerf
vppfileclose
vpprecogetsock
vppfree
vpacpy
vppfilefo
vppfilewf
vppfileo
vppfilefgets
vppfilefc

oran8

osncon

oranls8

lxhidtolang
lxhcurrlangid
lxinitc
lxlinit
lxldini
lmsagbf
lmsaid

oracore8

LhtIntCreate
lfilini
lmebucp
slzgetevar
lpminit
LhtIntSearch
lfifcp
lfifex
lfiopn
lfimknam
lfird
lfiwr
LhtIntInsert
lfifno
lficls
lfidlb

msvcrt

_exit
exit
_XcptFilter
memmove
strrchr
_adjust_fdiv
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
atol
__setusermatherr
_initterm
__getmainargs
__p___initenv
strncmp
sscanf
sprintf
printf

kernel32

GetVersionExA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 238KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE