987cd07aa5f748e7346a01c5a8e89d6cdae6cae6ab0e523a2722fbac2eccd69a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

987cd07aa5f748e7346a01c5a8e89d6cdae6cae6ab0e523a2722fbac2eccd69a
Size

221KB
MD5

492a70ee68ee3d50ac20ac4ddbe03a14
SHA1

5813ce8670ec59700bae9c5b467bb07c209266d9
SHA256

987cd07aa5f748e7346a01c5a8e89d6cdae6cae6ab0e523a2722fbac2eccd69a
SHA512

e153354d3cbdabb77ef0f85f28889559b5d14d606a4808eadfaa50110ea41e2748d5f0f45ffa3017592dfc4839ede9caff44c012172c3667576291bb9a2b8d75
SSDEEP

6144:qIF+x2zTGHPdp8G5xOZ1sx1S0yUR++NZLo+zZR:qI+2f0p8G54+S7aL1zZR

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

987cd07aa5f748e7346a01c5a8e89d6cdae6cae6ab0e523a2722fbac2eccd69a
.exe windows x86

ed0f93126a6f5f3b354011b6279ea48b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ExitProcess
FreeLibrary
GetACP
GetCommandLineA
GetCurrentProcessId
GetLocaleInfoW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetVersion
GetVersionExA
HeapAlloc
HeapCreate
HeapReAlloc
MultiByteToWideChar
RtlUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
VirtualFree
WideCharToMultiByte
lstrcpyA
lstrcpynA
lstrlenA

user32

TranslateMessage
PostQuitMessage
GetDlgCtrlID

ole32

CoCreateInstance
CoCreateGuid
CLSIDFromString
StringFromGUID2

advapi32

GetMultipleTrusteeOperationW
GetSidSubAuthority

shlwapi

SHRegGetPathA
StrStrW
PathRenameExtensionA
PathFindFileNameA
StrStrA

shfolder

SHGetFolderPathA

Sections

.text
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE