e7877c7afff1676c5a21d13b1d6d5b47febd485b657fa136a298ba3e1f319402 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e7877c7afff1676c5a21d13b1d6d5b47febd485b657fa136a298ba3e1f319402
Size

244KB
MD5

3696f20477f1c194810afd8e9172dbc9
SHA1

7feacf7ebb5ed9859087fc5fc703612555cf0a27
SHA256

e7877c7afff1676c5a21d13b1d6d5b47febd485b657fa136a298ba3e1f319402
SHA512

ff46154cdf40ed9eeab38a44b4e250d0c91609e6a7621996c93a1c7281613e1816a0e19956a6aa5ca2e7e256b6df8e283ba1c4283dd651c1a8ccd47ac081703c
SSDEEP

3072:rCrGJNOu3ap01kqMTue7gNbVB/rB78TFTHugCoReiVWeJfefVUxtV:rCyKp+kqKt7gZ3qTFbIyVWeU2xtV

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7877c7afff1676c5a21d13b1d6d5b47febd485b657fa136a298ba3e1f319402

Files

e7877c7afff1676c5a21d13b1d6d5b47febd485b657fa136a298ba3e1f319402
.exe windows:1 windows x86 arch:x86

2c2dc9c295ee59c142dfd7ce22651b9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
CloseHandle
RtlUnwind

advapi32

RegOpenKeyExA
RegQueryValueExA

crtdll

__GetMainArgs
exit
raise
signal

iphlpapi

GetAdaptersInfo

ntdll

RtlInitUnicodeString
RtlFreeHeap

ulib

?Usage@PROGRAM@@UBEXXZ

user32

GetCursorInfo

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE