0be0e84be2b124d5388ecbc79e63756c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0be0e84be2b124d5388ecbc79e63756c
Size

422KB
MD5

0be0e84be2b124d5388ecbc79e63756c
SHA1

590bc1612b9037342ebccaafc82f9782abc3aacb
SHA256

2fc31b5f352f68b977bd4008d5ec542afae3fd8c3fb923df649ebb5193e8e548
SHA512

99d383cde46170464641da7f5f1911ef0ab2b90da18171d9bd0ba49dd29ea3204f7daf122e985ec1c00b4dae2de74501f97024f53ddb855ad044d69eb35dc958
SSDEEP

12288:L/QEKOYQwTrHdDalGP2jfrP0/jnWlxdC6/0j8UG5qI172N:L/QEvYQ4HyxvMyz0nI172N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0be0e84be2b124d5388ecbc79e63756c

Files

0be0e84be2b124d5388ecbc79e63756c
.exe windows:4 windows x86 arch:x86

bf06737d88ac55e2e16b4d9ede1a2ea0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess
CreateFileA
CreateFileMappingA
GetTempPathA
GetTempFileNameA
lstrlen
MapViewOfFile
WriteFile
UnmapViewOfFile
CloseHandle
CopyFileA
GetModuleFileNameA
DeleteFileA
WinExec

user32

MessageBoxA

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE