e18f23e5836bee629922adc76f774fd345c64699fe207a8cdf73d2ceef3127cf | Triage

Sharing

General

Target

e18f23e5836bee629922adc76f774fd345c64699fe207a8cdf73d2ceef3127cf
Size

182KB
MD5

b6d20e7178ffcb6af17ac8080a7d142e
SHA1

2df2b4e5585b086be0a0c813019b24260187753f
SHA256

e18f23e5836bee629922adc76f774fd345c64699fe207a8cdf73d2ceef3127cf
SHA512

c625e5f7632a7ffa6aaec017b42cd56510d64d7b93a94d71b48a3ca1be4d838305b7bf4b390230801777897f5710db0c0722232293a7a3187b473e0bb23906c1
SSDEEP

3072:6pxUdrr44r2fuBqOzvEaPh4RLsoqE5fTc8/mj5+EC/xdnQoQMXuPI8Smr:gxUlTKfuBqcEgipDqmfTcTC/PnxuBSmr

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

e18f23e5836bee629922adc76f774fd345c64699fe207a8cdf73d2ceef3127cf
.dll windows x86

251a2bcb46b474fa78e63afa1e824c7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

MessageBoxA
MessageBoxA

advapi32

AdjustTokenPrivileges

msvcr90

_adjust_fdiv

Sections

.text
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 564B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ