1f8cb44c437d06294cd37b4d53ec78898afe4c4b345a30af91b3702485436db0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f8cb44c437d06294cd37b4d53ec78898afe4c4b345a30af91b3702485436db0
Size

104KB
MD5

08811d33aa59143e3819a23bcb5e0f4d
SHA1

d479164bb3a361487b681222115242ae298aee82
SHA256

1f8cb44c437d06294cd37b4d53ec78898afe4c4b345a30af91b3702485436db0
SHA512

3d92a0d14865b1e70d10c126e86bca13e9fb0f2d6ee7103d5d5103a613bc62b2532fb5d6ca4d14dd9d67ba94b271a43dbbe2944ef0a2dfac0f1b7ed3cbeda08b
SSDEEP

384:W5P6d+UkSDTUAPoIMZlB5P6d+UkSDNV4uT/:W96sAPUZz96H

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f8cb44c437d06294cd37b4d53ec78898afe4c4b345a30af91b3702485436db0

Files

1f8cb44c437d06294cd37b4d53ec78898afe4c4b345a30af91b3702485436db0
.exe windows:5 windows x86

3d8c26f4cb1782a87c3bb42796fb6b85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrlenA
CreateThread
VirtualFree
GetModuleFileNameW
GetTickCount
ExitProcess
GetFileSize
VirtualAlloc
ReadFile
CloseHandle
CreateFileW
lstrlenW
MultiByteToWideChar

ntdll

memset
_wtoi
memcpy

ole32

CreateStreamOnHGlobal

shlwapi

StrStrA

user32

wsprintfA
wsprintfW

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpReceiveResponse

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE