fb6f8caf0711fff2e256e5b968ae80702da46932a73082c39d36b1ac5f561975 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb6f8caf0711fff2e256e5b968ae80702da46932a73082c39d36b1ac5f561975
Size

177KB
MD5

fe1a389e0464727b6f95ecddf57b96b0
SHA1

9e5922e4b5f6ac68529c8a83760e9b153f32f357
SHA256

fb6f8caf0711fff2e256e5b968ae80702da46932a73082c39d36b1ac5f561975
SHA512

bcc082512619b9d73e91267dd0f7bf210691ee382e9a311eede2b2317119befa1682b7b45cd37396f8c1a1ba43a2348817e16bd919db6dc43cc428947ec673db
SSDEEP

3072:zJO0FauCEbY6/4n1sXnFN0xYxqAD7mhVLCdfv84TgzGwyc5mVkZ/nr4njiq:tdoyM1InFN08qAfmhVL21TgzHmm14jiq

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

fb6f8caf0711fff2e256e5b968ae80702da46932a73082c39d36b1ac5f561975
.dll windows x86

df9f45773506deb536b001920aeae5e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedExchangeAdd
GetModuleFileNameA
GetProcAddress
GetVersion
GetUserDefaultLCID
MulDiv
GetLocalTime
VirtualAlloc
VirtualProtect
VirtualQuery
DosDateTimeToFileTime
IsBadCodePtr
GetCurrentThreadId
LoadLibraryA
GetVersionExA
Sleep
IsDebuggerPresent
IsBadWritePtr

advapi32

IsValidAcl
IsValidSid
RevertToSelf

gdi32

GdiGetBatchLimit
GetBitmapDimensionEx

msvcrt

_adjust_fdiv
malloc
_initterm
free
memmove
memchr
rand
_CIsinh
_itoa
__doserrno
_pctype
_errno
__mb_cur_max
ceil
_isctype
ldexp
time
floor
localeconv

ole32

CoFileTimeNow
CoRevertToSelf

shell32

DuplicateIcon

user32

IsWindowUnicode
GetWindowRect
GetWindowTextA
GetWindowDC
WindowFromDC
GetForegroundWindow
GetIconInfo
CopyIcon
GetDlgItem
GetTitleBarInfo
GetLastActivePopup
GetWindowInfo
GetWindowThreadProcessId
GetTopWindow
IsIconic
GetGUIThreadInfo
GetParent
IsMenu
BlockInput
SetLastErrorEx
GetClientRect

Sections

UPX0
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE