51c5dec36eefa488295095d3e08bf3c0 | Triage

Sharing

General

Target

51c5dec36eefa488295095d3e08bf3c0
Size

20KB
MD5

51c5dec36eefa488295095d3e08bf3c0
SHA1

5529cfa927535dfcf239689883a13f71bad43416
SHA256

767de26092a63a74572e8bf5649059ab8318a41014f6df673af91b7b0170e00a
SHA512

3eac8bf4ed8f9bbaf03264f71103a4be64d70418be6f28f1d4f87ba90e66b70702cb2bb990b092b549de697112da66170ba59d98e694ebd5610120605f0f3762
SSDEEP

384:cxuQlrR7Mg+nppS8td0u8sC9Bpdf/EenDF/zN/+P6moHbfXIDhsv1:6/xMg+qa0u8rXf8eDFx/+i/HLIli1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51c5dec36eefa488295095d3e08bf3c0

Files

51c5dec36eefa488295095d3e08bf3c0
.exe windows:4 windows x86 arch:x86

53406f0d77d3c18ccb990769a74e792e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

user32

CharNextA

oleaut32

SysFreeString

advapi32

RegCloseKey

ws2_32

ioctlsocket

wsock32

send

shell32

ShellExecuteA

ntdll

ZwUnmapViewOfSection

avicap32

capGetDriverDescriptionA

Exports

Exports

SendData

Sections

.UPX000
Size: - Virtual size: 56KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX000
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE