VirusShare-00e7e2990ceb555b15cc89fd08fdab58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

VirusShare-00e7e2990ceb555b15cc89fd08fdab58
Size

18KB
MD5

00e7e2990ceb555b15cc89fd08fdab58
SHA1

5c0cd28eb73d2a7daec19ad28c99457261a867fe
SHA256

0ddddf98fe7fc3ddf3dc3b7c87fea1dd1b71b27e20c828d315da27eb15fc775f
SHA512

2207bb32bbc6d4ab6f80237043db97fe9ed6fa87dee2c1d4575bda0f5a31f1088453b9e2f8f480ff66bdee0d98d242155e99811690877803794941e6ec74dc85
SSDEEP

96:JWAz/yliyryoCDwEAjcFnEJfTkfSEmpnq:JD5wEA3h/p

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirusShare-00e7e2990ceb555b15cc89fd08fdab58

Files

VirusShare-00e7e2990ceb555b15cc89fd08fdab58
.dll windows:4 windows x86 arch:x86

5bf1b5bd46c6b8ed1b967aa874464320

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

msvcrt

free
sprintf
_adjust_fdiv
_initterm
malloc
fclose
fprintf
fopen
strstr
atoi

user32

GetKeyboardState
ToAscii
GetForegroundWindow
GetWindowTextA
ExitWindowsEx
CallNextHookEx

Exports

Exports

KeyProc
Reboot

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE