27d9e9bc3e200cde5a2f97971c14badf | Triage

Sharing

General

Target

27d9e9bc3e200cde5a2f97971c14badf
Size

17KB
MD5

27d9e9bc3e200cde5a2f97971c14badf
SHA1

3609e7064315b72b56890ed9d0ceb092a81e8ee9
SHA256

0f292e1b340624c5c01d9c496f4f7b8db0c13f68cfcae8fd2e228f5af3ecf133
SHA512

0650948b2b4e5049eae68c8ecf9d9cde98aa827fe8852820f122dc145ddc310ed933351186e4a0d60daed1bad9d4bfa17fea11ee9824e24e2c167dc51b77a3d5
SSDEEP

384:fLxWURh5P9JI/8JnFTeU2pi0KtlRKk18LyT4JZlrZdEWP2IdAtxQZK:zYUVs/8nTeU+mlR4mT4JZbeWP2IiQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27d9e9bc3e200cde5a2f97971c14badf

Files

27d9e9bc3e200cde5a2f97971c14badf
.exe windows:4 windows x86 arch:x86

f719a1afacff632c35783bd350b56880

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
ExitProcess

advapi32

RegOpenKeyA

crypt32

CryptUnprotectData

ole32

CreateStreamOnHGlobal

shell32

ShellExecuteA

shlwapi

StrStrIA

user32

wsprintfA

wsock32

socket

Sections

UPX0
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE