ba2d6a371427e56d7a3730e04941bcc8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba2d6a371427e56d7a3730e04941bcc8
Size

93KB
MD5

ba2d6a371427e56d7a3730e04941bcc8
SHA1

16cef720646b98826a1555ce01f8f4bd18b9e6f7
SHA256

b4d38206c459cc18cc705eabeebec68d0f1358ead13e3c10476f55e6a7173d9b
SHA512

c7b9513a11aa180c4c49b48b6fab22fab9ef350b457dc2686ea00dc91394d5341e72639116120b4c61bc6c175259fe0fbaba26b0aec7fe4dcc42286813574d33
SSDEEP

1536:zXB98naP2D22/muSD6d68BrJBDdppUcr1cbihw66SPMT:7B9g22/dBrJBDdpRWmhBs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba2d6a371427e56d7a3730e04941bcc8

Files

ba2d6a371427e56d7a3730e04941bcc8
.dll regsvr32 windows:4 windows x86 arch:x86

f13f1f3c12de35f8964ab33c4ac4b4b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
DisableThreadLibraryCalls
Sleep
HeapAlloc
GetSystemInfo
HeapCreate
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
FreeLibrary
DeleteFileA
LoadLibraryA
lstrcpyA
MultiByteToWideChar
lstrlenA
lstrcatA
WideCharToMultiByte
lstrlenW
GetModuleFileNameA
HeapFree
CreateFileA
WriteFile
GetProcAddress
CloseHandle

ole32

CoCreateInstance

oleaut32

shell32

ShellExecuteA

user32

CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE