74cb9d9b3df5eb878847dfee6eb76b76 | Triage

Sharing

General

Target

74cb9d9b3df5eb878847dfee6eb76b76
Size

22KB
MD5

74cb9d9b3df5eb878847dfee6eb76b76
SHA1

84d681458c5b42bf19682e4f80691628b1b2e63e
SHA256

db8c63a7316ca2996be81b6bbe6124b7b8ea55cd9d25f55299f5a92a98d77372
SHA512

b2935588bbb0833f9d9c40d3254ea057605f8957810e7fa44824a07a3deea826a391bbb9ebda84eadc34035a07aa0b3f9c8f064e3942e405069f67bbd2b6b23c
SSDEEP

384:rqN8Jq2tASZCuRWRix5+9zJlGGqEhy8HtjAvZvTnG2/+niqCczWJ8jnBAWLG:ro8/ZlRWRiO9zJ82hBSM2WiqCO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74cb9d9b3df5eb878847dfee6eb76b76

Files

74cb9d9b3df5eb878847dfee6eb76b76
.exe windows:4 windows x86 arch:x86

d54082e97f0de8c04152a42b589517c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
ExitProcess

advapi32

RegOpenKeyA

gdi32

GetDeviceCaps

ole32

OleInitialize

oleaut32

SysFreeString

rasapi32

RasEnumEntriesA

shell32

ShellExecuteA

shlwapi

StrChrA

user32

GetDC

ws2_32

WSAIoctl

wsock32

recv

Sections

UPX0
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

19G8POW4
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Cf.....
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ