255854da63b0f726f7faac585123200075a23ad37e29b1fbea4c40c7103b4ac9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

255854da63b0f726f7faac585123200075a23ad37e29b1fbea4c40c7103b4ac9
Size

104KB
MD5

d93d575b132e593e7da8d962be014e85
SHA1

5f1ff17b72deaed967300ee986e90d0b1dae3233
SHA256

255854da63b0f726f7faac585123200075a23ad37e29b1fbea4c40c7103b4ac9
SHA512

aad9c715628e68121ff1169d0ab427dd7af365553239d6d80b5df99e1d0e29e8a9ad293a1f115488be74e265f6635394cdf39311ab6a5d1ef347d219833a96dd
SSDEEP

384:B5P6d+UkSDTUAPoIMZlB5P6d+UkSDNV4uT/:B96sAPUZz96H

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
255854da63b0f726f7faac585123200075a23ad37e29b1fbea4c40c7103b4ac9

Files

255854da63b0f726f7faac585123200075a23ad37e29b1fbea4c40c7103b4ac9
.exe windows:5 windows x86

3d8c26f4cb1782a87c3bb42796fb6b85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrlenA
CreateThread
VirtualFree
GetModuleFileNameW
GetTickCount
ExitProcess
GetFileSize
VirtualAlloc
ReadFile
CloseHandle
CreateFileW
lstrlenW
MultiByteToWideChar

ntdll

memset
_wtoi
memcpy

ole32

CreateStreamOnHGlobal

shlwapi

StrStrA

user32

wsprintfA
wsprintfW

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpReceiveResponse

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE