96d5570163482bcf43bccb692f608ed7 | Triage

Sharing

General

Target

96d5570163482bcf43bccb692f608ed7
Size

46KB
MD5

96d5570163482bcf43bccb692f608ed7
SHA1

258ba09c245df06ae03108f87b92ea27a6af14e7
SHA256

d2015d65faf8366a204eb62b38bdf287abe768412c88e85fc30793f9bd14b371
SHA512

63036465b1af15366cfb47172a7c636ee39178a5e7e75b7cc2a8d64df04683d68beca2bc4d88d1f0a770cd6c09659ba61294119aca682b7f7c201c6acf7fa555
SSDEEP

768:hpLX9VgdvVj5eteLQgec9XJWlvTukulFNAbbfzY4q3Ny3kFBKv0Mvv:hN9UZxtVJMT7uT2bbLh13kFBK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96d5570163482bcf43bccb692f608ed7

Files

96d5570163482bcf43bccb692f608ed7
.dll windows:4 windows x86 arch:x86

1c2d42a4e533f3c86f1f4597355c880c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenGroups
CloseEventLog
CryptGetHashParam
CryptSetHashParam
DeleteAce
DuplicateToken

kernel32

WinExec
ExitProcess
TerminateThread

msvcrt

_chkesp
_ctype
_eof
_except_handler2
_CIacos

Exports

Exports

CanDoSilent
GetMD5File
GetMD5Random
GetMD5String
GetMachineKey
KillProc
KillSelf
MutexCheck
MutexWait
dnsr_ping
dnsr_setfields
eula_show
http_get
rc4hex_decode
rc4hex_encode
sft

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE