bb06e3ad826c8d8ed8656c1b5be14bb8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb06e3ad826c8d8ed8656c1b5be14bb8
Size

30KB
MD5

bb06e3ad826c8d8ed8656c1b5be14bb8
SHA1

59624dc9ba2cb4408297fba768e23efa305b4e25
SHA256

a84b4d4659e1efdd6cf1ee9fbfbe57f937c2c450e7de1522b5adba07dbb4820d
SHA512

f949d7179b6eb84ac205e49731fc75b60381cbca27b2eab9dc2cb43a7283229d7ce9bc6d5b304d9aa99cb5cefe51e2666bc86ddc35094aa6f7d8e7a6230494b7
SSDEEP

192:J9h2P5BocyMlq3J4ZGs+D1FieZx08rQX2LzDAaecPd5wSIAGWk:J9YoJQq3yXC1lfTvDeclqSBk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb06e3ad826c8d8ed8656c1b5be14bb8

Files

bb06e3ad826c8d8ed8656c1b5be14bb8
.dll regsvr32 windows:4 windows x86 arch:x86

b2b468e348ca3ed013055eadbe9804a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DebugBreak
HeapFree
CloseHandle
lstrlenW
CreateFileA
GetSystemDirectoryA
MultiByteToWideChar
lstrlenA
HeapCreate
GetSystemInfo
HeapAlloc
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReadFile
DisableThreadLibraryCalls

atl

oleaut32

user32

wsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE