4e58531e2dbde31a9b806d5de62f1d4a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e58531e2dbde31a9b806d5de62f1d4a
Size

30KB
MD5

4e58531e2dbde31a9b806d5de62f1d4a
SHA1

f3b628b3bc0a574560c98f04543aa601b3d2801d
SHA256

6bd5e34608ba6cbd017674bc2739b96eba6c78a01abf1c9c1cf39f0972426471
SHA512

8b270617c7220aff6ea7f095bee2fe35d66e18cdaa966b4f04a50bd86d2ba430ed24c359e51d3d4debdbbe4d27c0bfa803bc64bd451706c6881ab124e8a5255a
SSDEEP

384:p9K56FEUo/XKlm2E2TGHqISdi3gZdfnUtqZWOkIleDIC+MgsRy61ODlKn8URgjaX:yv/XqQ2RIav7v3l9i

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e58531e2dbde31a9b806d5de62f1d4a

Files

4e58531e2dbde31a9b806d5de62f1d4a
.exe windows:4 windows x86 arch:x86

0b37c93f0a631776664e80f028ae478d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileA
DeleteFileA
GetSystemTime
GetTickCount
GetVersion
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetSystemDirectoryA
QueryPerformanceCounter
FindFirstFileA
ExitProcess
GetLastError
CreateSemaphoreA
WinExec
GetCurrentDirectoryA
GetEnvironmentVariableA
CreateDirectoryA
CopyFileA
SetCurrentDirectoryA
GetModuleFileNameA
WritePrivateProfileStringA
Sleep
GetFileSize
ReadFile
CreateFileA
WriteFile
CloseHandle
GlobalFree
FindClose
GlobalAlloc

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA

shell32

ShellExecuteA

shlwapi

PathFileExistsA

user32

ShowWindow
FindWindowA

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE