903c9a99a0867b5ca3796757dd73957ecb54e4f9d615defe4b7fa4e1d887d65a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

903c9a99a0867b5ca3796757dd73957ecb54e4f9d615defe4b7fa4e1d887d65a
Size

36KB
MD5

91c20b9708550ddab6726d4aa6dbf643
SHA1

a8970da28eccf9a57f1a139f258d2ab6865f1d68
SHA256

903c9a99a0867b5ca3796757dd73957ecb54e4f9d615defe4b7fa4e1d887d65a
SHA512

55626023f18bd83fa2337e4fd37e8b2e5a739dd27382f6cc3ee865f52ea735a60362313a2710402d5c9431e4f315124c9fb9253baa6528ae072766e796e78e52
SSDEEP

768:Ra+ZsSHkmuwJ4jucyfHMj2vOpPqKxYusdrWdkzt7ij/r:Raz2kmuwJ4jucyPa0KqWdk5ujj

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

903c9a99a0867b5ca3796757dd73957ecb54e4f9d615defe4b7fa4e1d887d65a
.dll windows x86

756e752637eda71039827377f9d4d741

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DispatchMessageA
DestroyCaret
DefDlgProcA
CharLowerA

kernel32

LoadLibraryA
lstrcpynA
lstrcpyA
lstrcmpA
lstrcatA
EnumResourceLanguagesW
EnumResourceNamesA
ExitThread
FreeResource
GetModuleHandleA
GetSystemTime
GetSystemTimeAsFileTime
InitializeCriticalSection
LeaveCriticalSection
LoadResource
LocalAlloc
MapViewOfFile
OpenFile
RaiseException
Sleep
SleepEx
TlsAlloc
VirtualAlloc

Sections

.text
Size: 18KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ