7c0da94096d607e5fbee13988b84c47d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7c0da94096d607e5fbee13988b84c47d
Size

50KB
MD5

7c0da94096d607e5fbee13988b84c47d
SHA1

249c14b3bc302a8c0eaa1dad3bcc5e7a65b6df59
SHA256

b133b337b4c8416091354c6834df0facee8a62bbe72f904a95bc07389199a7e3
SHA512

7181d9c96fca4cf709ada6e91a31172b6d9f6fc8c0014ced5d4887877c80d2fdc09098b005febd7376b5e895be6fd6aa400ae13831933c26cea1514d924844c2
SSDEEP

768:KnYp/HqnCHR85/GkRDoJQ/bkeWra2vu7Bfujca/CJ5b:KngHqnSC/1DSPzm2v0sjca6T

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c0da94096d607e5fbee13988b84c47d

Files

7c0da94096d607e5fbee13988b84c47d
.exe windows:4 windows x86 arch:x86

d462280432ad0cce6dcbba763ccb3463

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
RtlUnwind
lstrlenA
CloseHandle
GetFileTime
CreateFileA
lstrcatA
GetSystemDirectoryA
FreeResource
SetFileTime
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceA
ExitProcess
CreateProcessA
GetStartupInfoA
GetWindowsDirectoryA
GetModuleFileNameA
DeviceIoControl
GetModuleHandleA
GetCommandLineA
HeapAlloc
GetProcessHeap
VirtualQuery

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
CloseServiceHandle
StartServiceA
OpenServiceA
RegCreateKeyA
CreateServiceA
OpenSCManagerA

user32

wsprintfA

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE