4360abaa80a0c3ea00c4c3feb6e694ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4360abaa80a0c3ea00c4c3feb6e694ea
Size

38KB
MD5

4360abaa80a0c3ea00c4c3feb6e694ea
SHA1

f8a2e15ca50363349ac0e5a62430b4a46af404c0
SHA256

eb47e3a9adcb73bc00718887c2e0ef72c30c26a50f265bdbc342aa5a2e9392e5
SHA512

d72a32e391115c5f315eb62ce32be96da1a24075e167e11f531b751461997e431842fc2b4f019b6b79012a1c3e6a0f6d174ca09cc7d23ca9de5cad830d1617e4
SSDEEP

768:4S39dbe7UQXd/u28/foRnz26jZc62dkkXHV5lBW:7voH7RniIZcRr9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4360abaa80a0c3ea00c4c3feb6e694ea

Files

4360abaa80a0c3ea00c4c3feb6e694ea
.exe windows:4 windows x86 arch:x86

41493f241bc19923f147bdc476e1a053

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
HeapAlloc
GetProcessHeap
HeapFree
lstrlenA
GetTempFileNameA
GetTempPathA
ReadFile
lstrcpyA
WriteFile
CreateFileA
MoveFileA
DeleteFileA
CloseHandle
SetFilePointer
lstrcpynA
GetVersionExA
GetLocalTime
GetModuleFileNameA
lstrcatA
RaiseException

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey

msvcrt

free
fclose
fwrite
malloc
fopen
_stricmp
strrchr
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

shell32

ShellExecuteA
SHGetSpecialFolderPathA

user32

wsprintfA
GetWindowTextA
IsWindowVisible
EnumWindows

Sections

UPX0
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE