21ab69c0ec13e01076e160f44f9b5d8a | Triage

Sharing

General

Target

21ab69c0ec13e01076e160f44f9b5d8a
Size

25KB
MD5

21ab69c0ec13e01076e160f44f9b5d8a
SHA1

7fb264ee24d51a49bba0b2c30d92ab50cd5712fe
SHA256

df7cea925e635cf09644459c3ee956c767f24751070b07f0d6503cf64d3272d2
SHA512

e472039c7ac1a457504cb30725b05911039a0a356a9e91fc1f6abaad9e0d72cd27953f261113e39b291471f18a034698600e42eabcaebbdf3a7c6548ce5ede79
SSDEEP

384:IAIuI4oOaD+M7i7Vrqbbn+ujzll2ki4Z:TIuI42ajmX+El5i4Z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21ab69c0ec13e01076e160f44f9b5d8a

Files

21ab69c0ec13e01076e160f44f9b5d8a
.dll windows:4 windows x86 arch:x86

2d1a57c7cf66d2e88d3414540c121797

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
TerminateProcess
RtlZeroMemory
LoadLibraryA
GetVersionExA
GetTempPathA
GetTempFileNameA
GetProcAddress
GetModuleFileNameA
CloseHandle
CreateThread
DeleteFileA
GetLongPathNameA
WaitForSingleObject

advapi32

RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey

msvcrt

strlen
strcpy
strcat
fwrite
fseek
fread
fopen
fclose
atoi
_strlwr

shell32

Shell_NotifyIconA

shlwapi

PathFileExistsA
StrStrA

user32

RegisterClassExA
SetTimer
PostQuitMessage
TranslateAcceleratorA
TranslateMessage
LoadIconA
LoadAcceleratorsA
BeginPaint
LoadCursorA
SetWindowPos
KillTimer
GetMessageA
EndPaint
DispatchMessageA
DefWindowProcA
CreateWindowExA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle

Exports

Exports

allert
load
windows

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE