a9d9fb32e427ed0f04653e5e45cb1832c5ae354eff2bfbd60248ac95985beef0 | Triage

Sharing

General

Target

a9d9fb32e427ed0f04653e5e45cb1832c5ae354eff2bfbd60248ac95985beef0
Size

18KB
MD5

c83ad2347b7aa6afa2d8f7f02c9f7f90
SHA1

4808fe75d715c378b22ce0f67d9bc2aaeb250dfd
SHA256

a9d9fb32e427ed0f04653e5e45cb1832c5ae354eff2bfbd60248ac95985beef0
SHA512

3e0c4a7f2406a00993f3821cd4933ed2425a6044aee408012aa795987159ab8d8cb541abb6d45119f2e1ea16b3867a568bc4bc85125a7759ff0a2ca706123dc2
SSDEEP

96:iydKyi+OuumBx3SGedC/jOlSrKWS/kYp3:iycluuiBe6jq+KFl

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

a9d9fb32e427ed0f04653e5e45cb1832c5ae354eff2bfbd60248ac95985beef0
.dll windows x86

772915cf5c1909917e9b0fbd6e2cefaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
CreateFileA
GetFileSize
lstrcpynA
FreeLibrary
Process32First
OpenProcess
Sleep
ReadFile
lstrcatA
lstrcmpiA
GetProcAddress
LoadLibraryA
Process32Next
DeleteFileA
GetCurrentThreadId
CloseHandle
GetVersion
GetTempPathA
CreateToolhelp32Snapshot

advapi32

OpenProcessToken
CreateProcessAsUserA

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
atoi
strstr
memset

user32

GetThreadDesktop
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE