ba30e8f29318c556022f84803de7f43b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba30e8f29318c556022f84803de7f43b
Size

227KB
MD5

ba30e8f29318c556022f84803de7f43b
SHA1

3645d3c6b712cedb5b9ee9066d2e972d3c4f568d
SHA256

47975eacc5eadaaed80d99e17f6897c74d6531ec8e9173408f0dc77f508311ad
SHA512

0c5d5e7111d40ef8f86eafda23fc030ff77f3b53bdebaf6b7de88ddbb7c95c62702efa673c4af25f0ee31c29f50c7dc6168d10ba9d1f53aa51c8b26eeb6e1521
SSDEEP

3072:jTfKQ2fQnci235IW8coERncHk/KgCw0eF8mOHEYR0zoStkM:j1ci2OsHiMF8XHzm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba30e8f29318c556022f84803de7f43b

Files

ba30e8f29318c556022f84803de7f43b
.exe windows:4 windows x86 arch:x86

002b817c4cc342f2ea12556ba57be3f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleCount
WriteFile
CreateFileA
LockResource
SizeofResource
LoadResource
FindResourceA
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
CloseHandle
GetStdHandle
GetFileType
GetStringTypeW
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
GetLastError
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

shell32

ShellExecuteA

Sections

UPX0
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE