052a00955df841dc27cf905bbadbfa61 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

052a00955df841dc27cf905bbadbfa61
Size

50KB
MD5

052a00955df841dc27cf905bbadbfa61
SHA1

f0ebca80a5551add922a8e2babcee2d6c85ff612
SHA256

8dedc274a449d4d4483a41c081b74b010bdbc5897c9e0ced2fa7dee3a1001a67
SHA512

71d2039e00bc93558fda346601219f4aebdb9889b5ed84dc264b802f86bd520fd5410fcf1f3fe8b6fd328cdb6bfc8abd712d06afdebd0b4b16f83593fe5a5a46
SSDEEP

768:B4CYswaXYD/8eJ2QCwDjDxyL5TgETHNSd7Q0:B4NswaILXYqXxY5xND0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
052a00955df841dc27cf905bbadbfa61

Files

052a00955df841dc27cf905bbadbfa61
.exe windows:4 windows x86 arch:x86

dabe0c5817a057e2b947d5b825db6c31

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetCurrentProcess
CreateEventA
GetTickCount
VirtualAllocEx
VirtualProtectEx
Sleep
GetModuleHandleA
GetProcAddress
GetShortPathNameA
CopyFileA
FindResourceA
SizeofResource
LoadResource
LockResource
DeleteFileA
VirtualProtect
WriteFile
OpenProcess
ExitProcess

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey

msvcrt

_stricmp
strcat
strcpy
strlen

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE