1d24dcef201449809b4d2895110d890e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1d24dcef201449809b4d2895110d890e
Size

124KB
MD5

1d24dcef201449809b4d2895110d890e
SHA1

705397a63b9034bfa403a7fdee66ae2b7632c196
SHA256

eb013920a20403cbfbf0f0f870e1001f7756cfe3618a057728c4ed843dbb0358
SHA512

f08039245a6b3a46b80f3bc694af2bdb0c2507197578c43b06677790fbffa501faf15300e1c49c2f760524daf0e9f640284c4e7f20e4dbd547e68a6107e78e88
SSDEEP

1536:UZosqYBvAn+WA/OKapuc5WcrbfKKk3mbxzLYXxvccmB6yYHWzLe:UdD3RW1Mq9rDE3mJ8XOtB6NWzLe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d24dcef201449809b4d2895110d890e

Files

1d24dcef201449809b4d2895110d890e
.dll regsvr32 windows:4 windows x86 arch:x86

1d70206d1f57ebbf9d7aba73ff0094e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
HeapCreate
GetSystemInfo
HeapAlloc
WriteFile
CloseHandle
CreateFileA
DeleteFileA
DisableThreadLibraryCalls
GetSystemDirectoryA

atl

shell32

ShellExecuteA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE