5f5f2e3b02cc037d330bf68997860381 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f5f2e3b02cc037d330bf68997860381
Size

120KB
MD5

5f5f2e3b02cc037d330bf68997860381
SHA1

1d5f3ce82c4373a4b0205c001ee405b0c0fa9d92
SHA256

5cba5abc7dcb31fe4f27f23e7827eb0038982a605b2dad9cbe054f54112365a1
SHA512

3f940d0070a313d0a675a0124b5253e865a9de0d1ecf057f8b24f4be56e67829ddf6accf319d05a35cf40a92d35186a0ab7ebb5fe29991da530d94dd6e7d6b38
SSDEEP

1536:Ybf799brCGrIDqQ7EReG1xcgrrGSLQ29CXQvsot38hB5tMtw0P6RNVurWsQPsfOp:Ybf799brCJqQxaGQcXQr8B3RN+QPqOp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f5f2e3b02cc037d330bf68997860381

Files

5f5f2e3b02cc037d330bf68997860381
.exe windows:4 windows x86 arch:x86

4b3e9bab128ff55d84e8528596fb7b87

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
MessageBoxA

msvcrt

_acmdln
_initterm
__setusermatherr
exit
_XcptFilter
__getmainargs
_exit
__set_app_type
_except_handler3
_controlfp
__p__commode
_adjust_fdiv
__p__fmode

kernel32

GetModuleFileNameA
GetStartupInfoA
WinExec
GetModuleHandleA
lstrlenA

Sections

.text
Size: 4KB - Virtual size: 588B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 100KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE