4ca2e21ea0d637ed5a2bb086aefdbe1a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ca2e21ea0d637ed5a2bb086aefdbe1a
Size

131KB
MD5

4ca2e21ea0d637ed5a2bb086aefdbe1a
SHA1

51f80734bb2b8ceffe9d85d164fce5722f3cfe4b
SHA256

7dfa598bd21b97d901ecb8e8d9dc06b52aaa0e820fb55e9929162cd97688f2a6
SHA512

ad7dccfef2af95058c490f42e19a52c4a41f3cc50c1e654a03b4906552e53796fa2808fc002ff997d0674d4cfce7a1dc67d00d9e23dbb5e57f36d54f2c3a87f2
SSDEEP

1536:mriK6oBjU/ByDdVBWDOiUfc46bmvSpoIT9eDb/tDLJDd:m2K6wvBTPiUfc46bISg3/tJ5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ca2e21ea0d637ed5a2bb086aefdbe1a

Files

4ca2e21ea0d637ed5a2bb086aefdbe1a
.exe windows:1 windows x86 arch:x86

45d40da30c944834c663951855fe353d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsA
FindResourceA
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
LoadResource
LockResource
MoveFileExA
CreateFileA
RtlUnwind
SizeofResource
WinExec
WriteFile
lstrcatA
lstrcpyA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

crtdll

__GetMainArgs
exit
free
malloc
raise
signal
strchr

user32

RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
CreateWindowExA
DefWindowProcA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

Sections

UPX0
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE