e85b5cade03b78fb3ae9bc6cc5655f1d99a181295993040cb425d6bd84b35a55 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e85b5cade03b78fb3ae9bc6cc5655f1d99a181295993040cb425d6bd84b35a55
Size

156KB
MD5

fc78e7dad4e399501ff5fb81ead72c98
SHA1

e79110738e184c28707594a532a9f9e43dc58a6b
SHA256

e85b5cade03b78fb3ae9bc6cc5655f1d99a181295993040cb425d6bd84b35a55
SHA512

4c090d153dcc5b23bf95a5cabca0380283ce5a61c37a03f5803fff6a66f4e80473e2a55371072e9aab1f2f3c7a3ef5fa6a79deb3fc30f7c8d2939e65110d47cf
SSDEEP

3072:o/nQ8+UcLoq36A1Sx6+HDDwLDy9RoYDf:o/nQ8l2SxfDEDy9RoY

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

e85b5cade03b78fb3ae9bc6cc5655f1d99a181295993040cb425d6bd84b35a55
.exe windows x86

d1b1d470695815e5d2859c5f33b4954e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
FindFirstFileA
FindClose
FindNextFileA
FreeLibrary
HeapFree
ExitProcess
HeapReAlloc
HeapAlloc
Sleep
lstrcpyA
GetProcessHeap
GetProcAddress
LoadLibraryA
GetLastError
lstrcatA
GetModuleHandleA
lstrcmpA
GetModuleFileNameA
GetCommandLineA

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 512B - Virtual size: 512B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE