0d96d0fe1d2893d3d1701a3b5800f59e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d96d0fe1d2893d3d1701a3b5800f59e
Size

21KB
MD5

0d96d0fe1d2893d3d1701a3b5800f59e
SHA1

f1bb5317e018931ef77eb848318cea52df2053c5
SHA256

22d074f3f3db5d95e917daea3e99477d93f03c6aec2cfc298401ec3f3cb8ce50
SHA512

d6b2352d45f88209564502770e2554d46e3c831922cd152baf7adc321be0823097610996efed09447ef1bc840503639eeef36ae8dfabab1e1af2e45b1d67c864
SSDEEP

192:bmngqOC8m87BBIw8NyTnlj/H4SqlaNSDFm0Oz8SztUkOCn:bCgq98m8daw8u4fASD0P8SxdOS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d96d0fe1d2893d3d1701a3b5800f59e

Files

0d96d0fe1d2893d3d1701a3b5800f59e
.exe windows:1 windows x86 arch:x86

6fdee7da10ab7b0cff134485c93ae9de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcessId
GetDriveTypeA
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
CopyFileA
LoadLibraryA
CreateFileA
ReadFile
RtlUnwind
SleepEx
lstrcatA
lstrcmpiA
lstrcpyA
lstrlenA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

crtdll

__GetMainArgs
atoi
exit
memset
raise
signal
strcpy
strlen
strstr

wsock32

WSACleanup
WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
inet_ntoa
recv
send
socket

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE