d5cf5ecaacde456b19b4cd5dfa763d7fe935bf2c48c6133b7bede223101298f7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5cf5ecaacde456b19b4cd5dfa763d7fe935bf2c48c6133b7bede223101298f7
Size

30KB
MD5

081660e909f787004a22f9a1d2cf2303
SHA1

b1beec210cf2a579bdb4a184c7bba233dcbf97e9
SHA256

d5cf5ecaacde456b19b4cd5dfa763d7fe935bf2c48c6133b7bede223101298f7
SHA512

bafd5741ab3002c8be21253a976c1a5c2f490973d07b62eda26f8a0daf058a3861c5e59ad8c847e18e70d7ca775a88373a3ee6b322c32ed2174683a77921d6f6
SSDEEP

384:MVWEKoiSf7mgwQgv7vAHveptTNCH8GD2FWYE1B8EXRuLzDgYfRQlSwn3JRLKWn7W:IeoiS6gwP7AE9EwWYGBhuLjy13nVGV

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

d5cf5ecaacde456b19b4cd5dfa763d7fe935bf2c48c6133b7bede223101298f7
.exe windows x86

234551c5fe5de0fdc1caa8f68bfa343e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsPrefixA
StrCatBuffA
PathFindOnPathW
ChrCmpIW
StrFormatKBSizeA
SHQueryValueExA

comctl32

FlatSB_SetScrollProp
CreatePropertySheetPageA
PropertySheetW
ImageList_GetIcon
InitMUILanguage
InitCommonControlsEx
_TrackMouseEvent
FlatSB_SetScrollRange

gdi32

GetTextExtentExPointW
CopyEnhMetaFileW
AddFontMemResourceEx
ExtCreateRegion
StretchDIBits
SetMiterLimit

ole32

CoTestCancel
CoSetCancelObject
EnableHookObject
PropStgNameToFmtId
CoRegisterPSClsid
StgGetIFillLockBytesOnFile
CreateBindCtx

shell32

SHCreateDirectoryExA
SheFullPathW
DragQueryFileW
SheShortenPathW
SheChangeDirA
FindExecutableA

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE