b93fc5a086275c719bcd39045662d67f645f5542542621f6b6dad0a0f780fbfe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b93fc5a086275c719bcd39045662d67f645f5542542621f6b6dad0a0f780fbfe
Size

55KB
MD5

c4468dc5655aaa03a55ef6b95ba76870
SHA1

05f79b6fbb984f7ed37f066d0c03de4e68f80391
SHA256

b93fc5a086275c719bcd39045662d67f645f5542542621f6b6dad0a0f780fbfe
SHA512

56606456c6d67ba0bd0bc4bfbb7e04d4d7f3ffc7fbced7c9da8a969f380697c7437d8365eca38e1542a65a5e1e3385db287c13235f0191d3fb6663ae4fda0707
SSDEEP

1536:fI6gJzxBzX9fOjOa8izvwbfxTFrcGb/Rn:fm9zzX1OjJrI7TP/Rn

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

b93fc5a086275c719bcd39045662d67f645f5542542621f6b6dad0a0f780fbfe
.dll windows x86

b8266dc81a6ab2749f0f8813a14b1dd2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

PeekMessageA

ws2_32

gethostbyname

Exports

Exports

AddReply
HandleEventHook
RegisterCallback

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 50KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE