baf7bbd03b3d3e0aa565309363fa7464cce499d51894d884e1b24347002a4c27 | Triage

Sharing

General

Target

baf7bbd03b3d3e0aa565309363fa7464cce499d51894d884e1b24347002a4c27
Size

38KB
MD5

e10152788c1b2188fb7f4f6c7a4a5e82
SHA1

cc4f02cbfd6f503fa8f3a49c63456ecf9b4a736f
SHA256

baf7bbd03b3d3e0aa565309363fa7464cce499d51894d884e1b24347002a4c27
SHA512

d92bcc5d1c7906e7684fb9070e0c08141a889723477960e0d7a5abfb70e94fe4dfabadd7b3bc83d97466cb1dd2209cccc8c566b4f32df0525f62253986dd91cc
SSDEEP

192:pmKKE8ZbszOS7dCzg0yLpMSxATu7FQVTuM+aUXZSaEMX3Mk8m3IZh00:pwzhFIdj7vxATu7ax6XcMGm3N0

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

baf7bbd03b3d3e0aa565309363fa7464cce499d51894d884e1b24347002a4c27
.exe windows x86

50cdf1969504944e541743429d518e59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetStartupInfoA
GetModuleHandleA
GetTempPathA
SetCurrentDirectoryA
FindResourceA
LoadResource
SizeofResource
LockResource
CreateFileA
WriteFile
CloseHandle
FreeResource
GetSystemDirectoryA
CopyFileA
Sleep

msvcrt

_controlfp
strcpy
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
memset
strcat
sprintf
_access

shell32

ShellExecuteA

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE