99e59565fb9b6fd5bba6a899d1db91b4 | Triage

Sharing

General

Target

99e59565fb9b6fd5bba6a899d1db91b4
Size

107KB
MD5

99e59565fb9b6fd5bba6a899d1db91b4
SHA1

962f523bfb60dae4991091343135af7cf6d5fb70
SHA256

b57995c6f628c3279ef8d7a4f914e1f17958c9615af641db9b407bfcac1ab54e
SHA512

433765f9c7bb6135db8ed05cab0c03d10651886eddaa8f0950947347e6ff797a086b76e8de54c255e2ae1b0727aeb88bc0168c0498e0852c808162ca3ba66d6c
SSDEEP

768:nCG6ZxXE26WUBjK+azJXVNLhNPniD0mDyWQDf7GgTrCsrvzA5YDxLXE:j6Z9l6VK+C5r3PnDJaeCsrzAU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99e59565fb9b6fd5bba6a899d1db91b4

Files

99e59565fb9b6fd5bba6a899d1db91b4
.exe windows:4 windows x86 arch:x86

be61281d683ad8a9c6984ffae37b5101

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA
RegOpenKeyExA
AdjustTokenPrivileges

kernel32

WriteProcessMemory
VirtualAllocEx
GetProcAddress
Sleep
WriteFile
CreateFileA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
CopyFileA
DeleteFileA
WaitForSingleObject
SetThreadPriority
VirtualFreeEx
GetTempPathA
GetShortPathNameA
GetModuleFileNameA
TerminateProcess
OpenProcess
CreateEventA
OpenEventA
VirtualAlloc
VirtualFree
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
LoadLibraryA
CreateRemoteThread
GetCurrentThreadId
ExitProcess
GetCurrentProcess
CreateThread
CloseHandle

user32

GetWindowTextA
EnumThreadWindows
GetWindow
FindWindowA
SendMessageA
PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetInputState
PostThreadMessageA
GetClassNameA

Sections

UPX0
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE