4baa385b2fbde17a3bc8076b07b8dca1 | Triage

Sharing

General

Target

4baa385b2fbde17a3bc8076b07b8dca1
Size

18KB
MD5

4baa385b2fbde17a3bc8076b07b8dca1
SHA1

fd5538e1cf323b5003528a095f1f08c8c56b122e
SHA256

798a7f808de1576baacb07cedccd613a21656edf5c722c71366745b2c6a38b0e
SHA512

c8ade6797601759d343e2caef46267dcdfd2ef3d8b9dc97e3baed413d7750d9a3581a051146c67b986d582d58f774b0e12b82a9607672c26f5622215f5ede33d
SSDEEP

96:nP7yIIXdmjxPbfNkTcb/Mm3vhcAhCib+3Pycim:n8dmjxbNtD3jCibzm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4baa385b2fbde17a3bc8076b07b8dca1

Files

4baa385b2fbde17a3bc8076b07b8dca1
.dll windows:1 windows x86 arch:x86

53f68171940499ba419602f84724e79f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateFileA
IsBadReadPtr
FreeLibrary
GetFileAttributesA
CreateFileMappingA
GetFileTime
GetProcAddress
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetFileSize
CloseHandle
IsBadWritePtr
LoadLibraryA
MapViewOfFile
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetFileTime
UnmapViewOfFile
lstrcatA
lstrcmpA
lstrcmpiA
GetTickCount

imagehlp

ImageRvaToVa
ImageRvaToSection
ImageNtHeader

Exports

Exports

TempPath
_close_file
_infect_file
_open_create
_open_read
_open_write

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE