99e30c29ac05bd3a4052eab250668712 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

99e30c29ac05bd3a4052eab250668712
Size

176KB
MD5

99e30c29ac05bd3a4052eab250668712
SHA1

b5fa32b68777bf3d281391ee1fe242186edc41e9
SHA256

611a65349778fe69c68292f4d40dd575f326e0cf137cf5b018586e01e0cdea41
SHA512

dc7f1cf07cf14dfea02e9880c16ecaf7d9cfa7345ecd229e6cb4d0b84506511668f36b692053dd861638480439fa2ae8e5785c403c34d7bc7dd1dae398b086e9
SSDEEP

3072:NPMOIJ1rSaIgckN8SWCXH2+puDwK3MET3CcML:NkGcRWp4uE4JM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99e30c29ac05bd3a4052eab250668712

Files

99e30c29ac05bd3a4052eab250668712
.exe windows:4 windows x86 arch:x86

4ddaf4286aab2a71ffdcbcd5e2c5a2dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryExA
lstrcpyA
lstrlenA
GetShortPathNameA
GetModuleFileNameA
ExitProcess

Sections

.text
Size: 4KB - Virtual size: 185B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 234B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE