4fabe4fb16305f25dc5f5808290b85ce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4fabe4fb16305f25dc5f5808290b85ce
Size

18KB
MD5

4fabe4fb16305f25dc5f5808290b85ce
SHA1

ceaac2b18aecbc350daa88dc1fe3cb6bfae7a970
SHA256

a6ca16d96fb4f53f85429da60089b58034baf206a606ddfd7ae28143782b3475
SHA512

c5b5e96ba2e63d117769dfc7ba0fa3039f1f6ee1c5ed65483317a8609e3bc2cb0fe40b208af8db80f7bd8f73c5e23eaec0bd2a114cb85a498187ad7d3a8ab008
SSDEEP

192:hfKqW464KDY97budWKnOGBSfP1Y68qIzdvZeX659k5xxKsfJ+:TzbNKOKEbaRiKsR+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4fabe4fb16305f25dc5f5808290b85ce

Files

4fabe4fb16305f25dc5f5808290b85ce
.exe windows:4 windows x86 arch:x86

75fe995dd266b3c918eac5630228bd57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
WideCharToMultiByte
GetModuleFileNameW
lstrcatA
WaitForSingleObject
CloseHandle
SetFileAttributesW
ExitProcess
GetModuleHandleA
GetCommandLineA
HeapAlloc
HeapFree
GetProcessHeap
SetFileAttributesA
CreateEventA
GetProcAddress
Process32First
CompareStringA
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
WinExec
GetFileAttributesA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

gdi32

RestoreDC

user32

AnyPopup
ReleaseDC
ShowWindow

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE