1d5f7bd92d291bf068711314ebd7c6ca | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1d5f7bd92d291bf068711314ebd7c6ca
Size

31KB
MD5

1d5f7bd92d291bf068711314ebd7c6ca
SHA1

21d93f6434dec82551e2885019126044b083e27f
SHA256

5a76e460e0c687e39142b45a8c8c5e99ff7938873343e4e35d9e3b97c7b50a56
SHA512

9d798bf0383c1a68fd2833258158dabbf9d2d3d21c53489ce58d8fa3250f0fa277d9925cf88f9e3f2cd8332eb41bdffbc4893005f91a428824f7da1b3b9a0b23
SSDEEP

384:e2k9SMCiTba6M/gFO9cQ+TW8JNnaLLuxOzfIpVG/peeRu:U9SMCiXa6MAO9bcNaLIOzwAeeR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d5f7bd92d291bf068711314ebd7c6ca

Files

1d5f7bd92d291bf068711314ebd7c6ca
.exe windows:4 windows x86 arch:x86

bc4a676ce022db762d39d518b7f71f11

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetSystemDirectoryA
GetModuleFileNameA
LoadLibraryA
CopyFileA
lstrcmpiA
GetStartupInfoA
GetWindowsDirectoryA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
CreateProcessA
lstrlenA
CreateFileA
WriteFile
lstrcatA
CloseHandle
TerminateProcess
RtlUnwind

advapi32

RegSetValueA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

msvcrt

strlen
sprintf
memset

user32

TranslateMessage
DispatchMessageA
GetMessageA

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE