adf5132e9bf0852d19e508ca253b5e1300b022f163b3cdd41216adc3db256729 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

adf5132e9bf0852d19e508ca253b5e1300b022f163b3cdd41216adc3db256729
Size

124KB
MD5

a28b01f3b9024cc6246e3a9dd6f53f0a
SHA1

a43fa1f23554364db2d7313ee3ac573f6a8fd3fa
SHA256

adf5132e9bf0852d19e508ca253b5e1300b022f163b3cdd41216adc3db256729
SHA512

00d239b03cdc29c680f77b24786fd58e0e68bf13c4f91d9dafe6cad47173c058aceb7ca812a36238ab5c0918199f459c94aecf133ec509f8d9f59f447ef0daef
SSDEEP

384:2Q/VTtY/7iMmQgVCO02JWuCSPmSQAt6SVT9Nm8pPHAsqFaB8wdCMtZub5oqDo6B:dUF2JTPRQAJi85Lqa2MtXco6B

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adf5132e9bf0852d19e508ca253b5e1300b022f163b3cdd41216adc3db256729

Files

adf5132e9bf0852d19e508ca253b5e1300b022f163b3cdd41216adc3db256729
.exe windows:4 windows x86 arch:x86

e59e072cfa70aee4155c6fddecf3a7bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
GetVersion
ExitProcess
FreeLibrary
GetLastError
GetTickCount
InterlockedDecrement
InterlockedIncrement
CloseHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
HeapDestroy
QueryPerformanceCounter
LCMapStringW
InitializeCriticalSection
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
GlobalMemoryStatusEx

msacm32

acmStreamOpen

user32

GetMessageA
DefWindowProcA
PostQuitMessage
InvalidateRect
SetWindowPos
EndPaint
GetWindowTextA
GetWindowTextLengthA
GetClientRect
BeginPaint
SetWindowTextA
MsgWaitForMultipleObjects
IsWindow
CreateCaret
ShowCaret
HideCaret
DestroyCaret
LoadIconA
RegisterClassA

winmm

waveOutClose

Sections

vJYWoZsO
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kixvRMeb
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE