13971be2ce0ab4146f96b4978e1551a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13971be2ce0ab4146f96b4978e1551a3
Size

285KB
MD5

13971be2ce0ab4146f96b4978e1551a3
SHA1

713968531cfec862d6a1a43dbed5778b79b80cae
SHA256

73f61e55ab952bcc6ea880a0e4e62b0113f03e14f5395e90216a03e8cec8b600
SHA512

c3113e45ad1e0802dbb8f9720c227ea41e98d3b18441a13f0500bb2b869534e0d398184e502b426042f50d44a93bb840dbc6c9ff40a3ea5f3305832393055a37
SSDEEP

6144:ER6P8dp+QgIDhtK1B5uz8/AnArMAo2OlPLyaqrASMjTuG:EkPi+QgMUu0ZMEWLy5rASMjN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13971be2ce0ab4146f96b4978e1551a3

Files

13971be2ce0ab4146f96b4978e1551a3
.exe windows:4 windows x86 arch:x86

db6281f03a12314406f4f12d35d410df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
lstrcpyA
CreateProcessA
lstrcatA
GetWindowsDirectoryA
DuplicateHandle
GetCurrentProcess
OpenProcess
VirtualFree
VirtualAlloc
ReadFile
GetFileSize
CreateFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
VirtualProtectEx
lstrcmpA
CopyFileA
DeleteFileA
SetFileAttributesA
WriteFile
lstrlenA
GetSystemDirectoryA
SetFilePointer
GetModuleFileNameA
ExitProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
CreateRemoteThread
SetLastError
GetCurrentProcessId
GetPriorityClass
WriteProcessMemory
Sleep
GetModuleHandleA
GetProcAddress
WaitForSingleObject
GetComputerNameA
CloseHandle
ResumeThread

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
GetUserNameA
RegSetValueExA

msvcrt

atoi
free
malloc
_strnicmp
_strrev
strrchr
strncpy
strchr
_stricmp

shlwapi

SHDeleteKeyA

user32

FindWindowA
GetWindowThreadProcessId
wsprintfA

Sections

UPX0
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE