ab9b7bb7a5028317022f95ac602c1d474c0b88a9b423aa9224e500f1a420bb5f | Triage

Sharing

General

Target

ab9b7bb7a5028317022f95ac602c1d474c0b88a9b423aa9224e500f1a420bb5f
Size

52KB
MD5

ff7da58a71b78c642d0ee95133e57a39
SHA1

3ce7dc9b8689946a8aff900b767a3e46411acd24
SHA256

ab9b7bb7a5028317022f95ac602c1d474c0b88a9b423aa9224e500f1a420bb5f
SHA512

8c5f40813dad591d4a9babbd3eac0621808c97edbbf6af8d2b03d831fa56eb154c27acecf5ced03d32d88d40230c0e9781cbd2b9cb76a49e95a806f9590bc7ac
SSDEEP

768:XxDKZUrdq0vNVwlUM2RQCHHBSIdaZt77fKG4bMqFuI+E+7C7iMrQityILtlmXV+v:AZU0lW98ZtJ7C7iM04ln

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

ab9b7bb7a5028317022f95ac602c1d474c0b88a9b423aa9224e500f1a420bb5f
.dll windows x86

9191d5d17d45ce5256e289fb0193209f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset

kernel32

GetTickCount
lstrcatA
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA

user32

InvalidateRgn
CloseWindow
IsCharAlphaA

shlwapi

StrStrA
StrToIntA
StrCmpLogicalW
PathStripPathA

Exports

Exports

?DecodeArgumentA@@YG_KPAUHINSTANCE__@@U_COMMPROP@@@Z
?DecodeArgumentW@@YG_KPAUHINSTANCE__@@U_COMMPROP@@@Z
?EncodeArgumentW@@YG_KPAUHINSTANCE__@@U_COMMPROP@@@Z

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mkdir
Size: - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ