General
-
Target
ch21.exe
-
Size
15KB
-
MD5
1f67ab5455e6fe602bfba8c0e0c13cbd
-
SHA1
0d071bd364b127e87c24cfd8566f41a7bbad1098
-
SHA256
a681c24ed5f6b585368052c9e1c273c15ae7c4de4c6f8d192e0e6ddb91b8aae7
-
SHA512
a5e88b049fbfa61be00f0fbc1f2f2b83f1bac40689afc3cf03d57c45b4a8ad8c50f960c09218664b940c63ac8fffee62a94f2f5c97347c8eaad29bde28e6f0b4
-
SSDEEP
192:x1bjtYIOcmeIxFraM6dd0XjbmWnijkivZxFWFt6gNSOtY:bboGm6dQ/mBjkizFWFeOt
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ch21.exe
Files
-
ch21.exe.exe windows:4 windows x86 arch:x86
78a4993577442cb0b8455a5212e28367
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
scanf
kernel32
GetStdHandle
WriteConsoleA
ExitProcess
Sections
UPX0 Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
UPX1 Size: 512B - Virtual size: 305B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ