2e686e7696835f77ce779e89068d5623[.]exe

General

Target

2e686e7696835f77ce779e89068d5623.exe
Size

160KB
MD5

2e686e7696835f77ce779e89068d5623
SHA1

5bd8bc973e17b873d6e9324c7aa15536cf6f2b37
SHA256

3006b85332a3c56cbf9b38e1aa67f7abb08f877db49e4bf2315068d89efc71f8
SHA512

3310eda80bd386bbcbe332a230467b7fe531dfb4d83fea1cf4cbd77bd01d8318afb14a4181ed5fab3621dab2d54489c25bd39da146a47dbb62113909fc43c515
SSDEEP

1536:uuQRyle0Y9WV32pauUIgV92++Kf/vwEpd5QMKVg:FQMle0wQ32QuxA92++Kf/YEpd5QMKy

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e686e7696835f77ce779e89068d5623.exe

Files

2e686e7696835f77ce779e89068d5623.exe
.exe windows:4 windows x86 arch:x86

050c5e8e1ff71ae54b78e206750c8f8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetFileTime
GetLastError
GetModuleFileNameA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
HeapAlloc
HeapFree
HeapReAlloc
LoadLibraryA
OpenProcess
Process32First
Process32Next
ReadFile
SetFileAttributesA
SetFilePointer
SetFileTime
SetPriorityClass
Sleep
TerminateProcess
VirtualAlloc
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
lstrlenA

advapi32

RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegSetValueExW

user32

ExitWindowsEx
wsprintfA

ws2_32

WSAGetLastError
WSAStartup
closesocket
connect
gethostbyname
getsockopt
htons
inet_addr
ioctlsocket
recv
select
send
socket

Sections

UPX0
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

050c5e8e1ff71ae54b78e206750c8f8c

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ws2_32

Sections

UPX0 Size: 52KB - Virtual size: 52KB

UPX1 Size: 32KB - Virtual size: 32KB

UPX2 Size: 72KB - Virtual size: 72KB

UPX0
Size: 52KB - Virtual size: 52KB

UPX1
Size: 32KB - Virtual size: 32KB

UPX2
Size: 72KB - Virtual size: 72KB