29ba6a3ae6cb909e4ac1094b0c314258 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29ba6a3ae6cb909e4ac1094b0c314258
Size

34KB
MD5

29ba6a3ae6cb909e4ac1094b0c314258
SHA1

642f25b21c1974cf7757d778b71411e959612038
SHA256

8f78d49863e0b5f58c7ef50e7fe0ce2a0c271186ed0c37967234730bff37b419
SHA512

0dd608790416040eb0b138f175327e637540840c0307a8fb6c94aad140b4de422876f9ae108eb50fa692296b2ed616bf96e5853cb60f256ed7fca10608c96926
SSDEEP

768:2qdw2Gc8PJ78Y3lbNq7V20NRC2l3nrlZi7793LER3ONfFn+mhgZ:dd/oJt3lbg1C2l3nrlZeLgwV+m

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29ba6a3ae6cb909e4ac1094b0c314258

Files

29ba6a3ae6cb909e4ac1094b0c314258
.dll windows:4 windows x86 arch:x86

e1df37f6ff921a0d44983e69dd3ecfea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

EnableMenuItem
DestroyWindow
DestroyIcon
DestroyCursor
CreateMenu
CreateAcceleratorTableA
CopyRect
CopyImage
CloseWindow
CharUpperA
CharLowerA
BeginPaint

kernel32

FindResourceA
lstrcatA
WriteFile
VirtualFree
VirtualAlloc
TlsSetValue
SleepEx
SetLastError
RtlUnwind
LoadResource
GetVersion
GetStartupInfoA
GetFileSize
CloseHandle
CompareStringA
FreeResource

Exports

Exports

Activate
DllCanUnloadNow
DllGetClassObject
HookProc
Logoff
Logon
get_Key

Sections

.text
Size: 16KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ