9e3e19e98d1823362fb3257886843650b15a6085e303038a201e3f30a4d01e1d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9e3e19e98d1823362fb3257886843650b15a6085e303038a201e3f30a4d01e1d
Size

208KB
MD5

3b3a135c31e97cc04db46fb9ae373370
SHA1

1af74a175a3e88086ba1e5bbe98df2a4bca48243
SHA256

9e3e19e98d1823362fb3257886843650b15a6085e303038a201e3f30a4d01e1d
SHA512

ae6abfa431755a09cd63228391e5173e945b123e25fc1c36eeea6e2d8cf5d58a3f325a2f7ce68d6f0e931a44f039d2fe718539e87146906f56f7c7e9760225a5
SSDEEP

384:d+zAyfvt1Eyvjc0C9ZF+a2M8BHLgOcIgSuaoGxf04gX386Y7YbVuoNszouJD:W9tDgSnPgP5b8Z

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

9e3e19e98d1823362fb3257886843650b15a6085e303038a201e3f30a4d01e1d
.exe windows x86

594771497504f62f350d736c0b7d053e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrcmp
ResumeThread
WriteProcessMemory
ReadProcessMemory
ExitProcess
GetModuleHandleA
OpenProcess

user32

CreateDialogParamA
LoadCursorA
LoadBitmapA
TranslateMessage
BeginPaint
PostQuitMessage
DefWindowProcA
GetDlgItemTextA
SetDlgItemTextA
GetAsyncKeyState
FindWindowExA
EndPaint
GetMessageA
GetWindowThreadProcessId
IsDialogMessageA
DispatchMessageA
RegisterClassExA
LoadIconA
MessageBoxA

gdi32

SelectObject
GetObjectA
DeleteDC
CreateCompatibleDC
BitBlt

Sections

UPX0
Size: 197KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX3
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ