001bb7c03e9d68bdeb9182523d553eaf | Triage

Sharing

General

Target

001bb7c03e9d68bdeb9182523d553eaf
Size

90KB
MD5

001bb7c03e9d68bdeb9182523d553eaf
SHA1

a8d393eab30d303b79d3c95a9abf660435e583f9
SHA256

5da34ad32d349dc3e076661730cc09104c75e3fffa8e68b8e4ea70b25c62729a
SHA512

6bc5a807ee77629876b0f3b024a7a7f786a7c15360b93cdcfbdfbbcecb4bbf02b7143a5c7dbbe1aeaf51d4f1e78de44d5cc1df99f5adac43376120585a13254a
SSDEEP

1536:QkE/q7fv2QAoZS3GTB4Ce17UqXz1FgozSLDsnKbj12:QkEi7fxFyGsFz1FgozSLgnKbj12

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
001bb7c03e9d68bdeb9182523d553eaf

Files

001bb7c03e9d68bdeb9182523d553eaf
.exe windows:4 windows x86 arch:x86

e2605db388296f214fc57b811e8d0998

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
HeapFree
SetFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WriteFile
SizeofResource
LoadResource
lstrlenA
DeleteFileA
CloseHandle
GetFileTime
GetSystemDirectoryA
ReadFile
SetFilePointer
ExitProcess
CreateFileA
GetModuleFileNameA
HeapAlloc
GetProcessHeap
GetProcAddress
LoadLibraryA
lstrcatA
lstrcpyA

shell32

SHFileOperationA

Sections

UPX0
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE