c5e9460121880dfb3c102fef6b65e3631598dbcee69e992d12e1f6bab9d7681f | Triage

Sharing

General

Target

c5e9460121880dfb3c102fef6b65e3631598dbcee69e992d12e1f6bab9d7681f
Size

34KB
MD5

8510e9f743a7b2c6f1e7087d2359a8b3
SHA1

99014323355ae3b164b0055f4d79ac161aba7434
SHA256

c5e9460121880dfb3c102fef6b65e3631598dbcee69e992d12e1f6bab9d7681f
SHA512

341ac0c2034410ca7d6ef2131a7512fc8bff8a0ced892c0e9e9d24eeb968ccc1e15472e4f8b90f8438eb6e64c3db0a5ad2c57d48471c4accce465c5b383228f3
SSDEEP

384:KEvmVAXXZwGs0Ucp6waDS5EpSdb54sYFcTMW9hvJUImv:KEuVIJwGs0Ucp605EpSd14sY+TNhOIm

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

c5e9460121880dfb3c102fef6b65e3631598dbcee69e992d12e1f6bab9d7681f
.exe windows x86

f1bac5acb6480ef648c2d3e35f763f3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
WinExec
DeleteFileA
FreeResource
SizeofResource
LoadResource
FindResourceA
GlobalAlloc
RemoveDirectoryA
SetLocalTime
GetLocalTime
GetTempPathA
GetCurrentProcess
GetModuleFileNameA
WriteFile
FlushFileBuffers
GlobalFree
CloseHandle
Sleep
GetSystemDirectoryA
GetTempFileNameA
ExpandEnvironmentStringsA
GetFileAttributesA
CreateFileA
SetFilePointer
DeviceIoControl
GetModuleHandleA
ReadFile

advapi32

RegOpenKeyA
RegDeleteValueA
RegCloseKey
OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle
ControlService
DeleteService
StartServiceA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

user32

wsprintfA

Sections

UPX0
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE