0a36cd06d6e6328cbfa0f652aa376ec0_exe32_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a36cd06d6e6328cbfa0f652aa376ec0_exe32_JC.exe
Size

216KB
MD5

0a36cd06d6e6328cbfa0f652aa376ec0
SHA1

345782368ee4c067e1909c75a702039b4398d78c
SHA256

4f65b603dcecd39fe4aea29440800b111eed706b589ee43a9833843540405557
SHA512

7fe69b9b19e23ecbab6cc4cce9af7333d790ab79117be0c14566dfe8feeec139695cb4ec63715752098b8ec7a2dfa1361281dba9246d24715150d146f26ae8b7
SSDEEP

768:6TZHqmKMv8BBd5lE/UaE2Zg5EF4rq7E8LXVhaTtDE8VfCPHxxhGxL:4HqmKI895lENE2ZgWF4uqTtDLpC5xhG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a36cd06d6e6328cbfa0f652aa376ec0_exe32_JC.exe

Files

0a36cd06d6e6328cbfa0f652aa376ec0_exe32_JC.exe
.exe windows:1 windows x86

a9154e78031638f7a1c0f524ac8c5a90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
TlsSetValue
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
ExitProcess
CreateFileA
CloseHandle
CopyFileA

user32

MessageBoxA
ShowWindow
SetWindowTextA
SetForegroundWindow
SetDlgItemTextA
SendMessageA
MessageBoxA
LoadStringA
LoadIconA
GetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA

shell32

ShellExecuteA
DragQueryFileA

comdlg32

GetOpenFileNameA

Sections

UPX0
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX3
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE