c7b05c6b4ba009681bf63aeb9556dd49d569958247fd39eb1a43c39c09e16c34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7b05c6b4ba009681bf63aeb9556dd49d569958247fd39eb1a43c39c09e16c34
Size

31KB
MD5

df8bd496c929462c0355a67cbd984d99
SHA1

4a53e982fb9f9edf29107f14159c22e7a6f44b16
SHA256

c7b05c6b4ba009681bf63aeb9556dd49d569958247fd39eb1a43c39c09e16c34
SHA512

4c7e8edc97686ae1689be728d4ccb289f6ab5907cf651e5e3bce28ee4a85252ab148cf573f35d2398e6e6296a57b1b63d7eeab5938139258e7997fc556449e8e
SSDEEP

384:ryCEkUHHJyQ2xKXNmA8VvisYcmI9QFipRmXDK41US:ryTkUHHT/Nq/L9sip8KFS

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

c7b05c6b4ba009681bf63aeb9556dd49d569958247fd39eb1a43c39c09e16c34
.exe windows x86

d853af3f6b38bafbe85389298fb91f8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
CloseHandle
DeleteFileA
GetModuleFileNameA
GetProcAddress
GetLastError
ExitThread
ResetEvent
WaitForMultipleObjects
lstrcmpA
lstrcatA
CreateEventA
Sleep
WaitForSingleObject
FreeLibrary
lstrcpyA
CreateFileA
lstrlenA
CreateToolhelp32Snapshot
Process32First
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
SetEvent
CreateThread
WriteFile
LoadResource
FindResourceA
CompareStringA
RtlUnwind

advapi32

RegEnumKeyA
RegOpenKeyA
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegNotifyChangeKeyValue
RegCloseKey

ole32

CoInitialize
CoUninitialize

shell32

SHGetFolderPathA

user32

GetParent
wsprintfA
DestroyWindow
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
PeekMessageA
CreateWindowExA
GetForegroundWindow
GetDesktopWindow
IsWindow

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE