3ee215ef50302755ae6f464b9d2a5f58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ee215ef50302755ae6f464b9d2a5f58
Size

46KB
MD5

3ee215ef50302755ae6f464b9d2a5f58
SHA1

f5517bcf2853c33ee4c226361a6c31137d964410
SHA256

bdce1d5e8804d78af7fc5819aa14d0747891e39ec28e00f1e3f8115f3b97fd53
SHA512

42c37607cdd45a96966a8cc877b269367d606164dd44e79fefc66c23ab11f6a84a2e2eaa975063c7e32ca8a0e91d518ac18f22b41058d17a64c5c78e760e2355
SSDEEP

768:tLzqDt+5EF/VUR0ekeIZ8xGY37jm8b4Hpb:5MVo6eq8xhnkZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ee215ef50302755ae6f464b9d2a5f58

Files

3ee215ef50302755ae6f464b9d2a5f58
.exe windows:4 windows x86 arch:x86

966836b71b25dca74920a389d8afa5bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
Sleep
CreateThread
GetTickCount
GetProcAddress
LoadLibraryA
CopyFileA
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeA
LCMapStringW
LCMapStringA
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
CreateFileA
FlushFileBuffers
SetStdHandle
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
GetLastError
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeW

mpr

WNetAddConnection2A
WNetCancelConnection2A

wsock32

ioctlsocket
connect
htons
closesocket
ntohl
WSAStartup
socket
inet_ntoa
select

Sections

UPX0
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE