9797b28098e2ef2900560f181b160411 | Triage

Sharing

General

Target

9797b28098e2ef2900560f181b160411
Size

37KB
MD5

9797b28098e2ef2900560f181b160411
SHA1

cd9319144e0e48dc392a6f8cf279a161a856f072
SHA256

c2aad05f9444b98c84f63e16b951ef17118802557a3ad19431c983132505596a
SHA512

5f286a1fed9283f80e8a6eab5282c17c15bec1d2c66a04d8c2af2d74d7488acee96e6accd1726ea0c4de9578c6c212a5dd6243154ce482ab77aa5c9e4b75d8a9
SSDEEP

384:HcIqNZOO+OreW5aQfGJ+v+O0MhUvYn/vEpI0Rrs+C3UpQfKhVTq:kDOO+OiQGC0EUvYHsI0+9U

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

9797b28098e2ef2900560f181b160411

Files

9797b28098e2ef2900560f181b160411
.exe windows:4 windows x86 arch:x86

3ad474fbc66cdffd0227cc357474a2ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA

cygwin1

__errno
__main
_fopen64
abort
accept
atoi
atol
bcopy
bind
calloc
close
connect
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fgets
fork
fputc
fputs
free
getcwd
gethostbyname
getpid
getppid
htons
inet_addr
inet_network
ioctl
kill
listen
malloc
memcpy
memset
ntohl
pclose
popen
pthread_atfork
rand
realloc
recv
select
sendto
setsockopt
sleep
socket
sprintf
srand
strcasecmp
strcat
strcmp
strcpy
strdup
strlen
strncmp
strncpy
strtok
time
toupper
vsprintf
waitpid
write

Sections

UPX0
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE