7a76d6c597c699706565ee280c9de3a2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7a76d6c597c699706565ee280c9de3a2
Size

94KB
MD5

7a76d6c597c699706565ee280c9de3a2
SHA1

cd8c3d1ce976fe4265d341c8d2950d145d05e782
SHA256

249771936498f76305beb9074f6c63a114c4cbaa85b1bf1bf0bde42b2b9838b4
SHA512

ea62814a96ca07eaf6452d9100af24e914a9ba93f89448991d19eddb2a96ea197fa80658b138be8efdc9a07523a0d513b6f7742f61d405665750ee1968326ef2
SSDEEP

1536:7fWjESmtY2HCQpt/K2u3nPABBSoVteu9eUtiVZMW+IVVll30/bK4rIWOV/:TWQSSYCX/vu3KDVYu91tUZ1VllcKdH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a76d6c597c699706565ee280c9de3a2

Files

7a76d6c597c699706565ee280c9de3a2
.exe windows:4 windows x86 arch:x86

db5368f16fc036edb0ea87f29001684a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
memcmp
_umask
??2@YAPAXI@Z
_spawnl
_stat64

kernel32

GetSystemInfo
GetVersion
GlobalAlloc
GetNextVDMCommand
GetDriveTypeA
GetStdHandle

Sections

UPX0
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE