Behavioral task: behavioral1
Sample: 167d49e1cea00e0592525915b4c971a3.exe
Resource: win7-20231215-en
General
Target: 167d49e1cea00e0592525915b4c971a3
Size: 86KB
MD5: 167d49e1cea00e0592525915b4c971a3
SHA1: 12c3f460a901f57caf91653909f57dd34982ae26
SHA256: cabd9821efbc92ae6f8a7fdb274aea761d97921e0454373b81d95943108c51b4
SHA512: 43b93e0ed9c72e5925f463afc1dd8b190066d55e79cc511638e2b70ee9445101f5e0c8982ef879694f41d064492e2e1447b148fce7c65f4860ea0431a0221fe7
SSDEEP: 1536:Cdd8v/VHsWJ6VhKtYIB5l+8h35UM1Xs3SH685CJYRX6HS8IOR0tD/4tVhOpicoHP:Cdd8v/VHsWJ6rKtYIB5l+8h35UM1Xs3x
Malware Config
Signatures
resource yara_rule sample upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 167d49e1cea00e0592525915b4c971a3
Files
167d49e1cea00e0592525915b4c971a3.exe windows:1 windows x86 arch:x86
a3723c9ef1106b01f5ec954c565d0446
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
EnterCriticalSection
GetLastError
CloseHandle
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
OpenProcess
Process32First
Process32Next
RtlUnwind
RtlZeroMemory
TerminateProcess
WaitForSingleObject
WinExec
CreateToolhelp32Snapshot
crtdll
_iob
__GetMainArgs
_read
_sleep
tolower
_write
atoi
exit
fclose
feof
fgets
fopen
fprintf
fputs
_beginthread
fread
fseek
ftell
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strcmp
strncat
strncmp
strncpy
strrchr
strstr
time
_endthread
urlmon
URLDownloadToFileA
wsock32
WSACleanup
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
gethostname
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
recv
select
send
socket
Sections
UPX0 Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE