ab9c906965719863cff65b629474471a | Triage

Sharing

General

Target

ab9c906965719863cff65b629474471a
Size

51KB
MD5

ab9c906965719863cff65b629474471a
SHA1

dbf0be593ace4826f044d33305db28d3f37f40ce
SHA256

4229fa115a0c31b4d472aab602c8b29fca3d17f84c816d26423f77996f8e18d1
SHA512

9aee27770201cddebc72c7aa38b91ee7376793abbdb006d481aa80130497a8416f4c6d4d9bd2d3a604f13ac734fa3e311caeb88c538f11802414803d92592ed8
SSDEEP

384:Anj8E/imYGL2UdCVqSKAsxFBJM8xEq5jDJ17SSGZwzkV2mF11uzNjhHOY7jM+:AjnamYiLddz5BJoUjDJm1F1IjgYP

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab9c906965719863cff65b629474471a

Files

ab9c906965719863cff65b629474471a
.exe windows:4 windows x86 arch:x86

194f4b4f9daea5ca855368aee59403d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
HeapAlloc
HeapFree

cc3260mt

@$bdele$qpv
@$bdla$qpv
@$bnew$qui
@$bnwa$qui
@_CatchCleanup$qv
@_InitTermAndUnexPtrs$qv
@_ReThrowException$quipuc
___CRTL_MEM_UseBorMM
___CRTL_TLS_Alloc
___CRTL_TLS_ExitThread
___CRTL_TLS_Free
___CRTL_TLS_GetValue
___CRTL_TLS_InitThread
___CRTL_TLS_SetValue
____ExceptionHandler
__argc
__argv
__argv_default_expand
__exitargv
__handle_exitargv
__handle_setargv
__handle_wexitargv
__handle_wsetargv
__matherr
__matherrl
__setargv
__startup
__wargv_default_expand
_chdir
_findfirst
_findnext
_free
_malloc
_memcpy
_memmove
_strcat
_strcmp
_strcpy
_strlen

shell32

ShellExecuteA

stlpmt45

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE