386756fedb3ab327d673b24c352a3158658a3d59185a8ffd3063de934205b7b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

386756fedb3ab327d673b24c352a3158658a3d59185a8ffd3063de934205b7b1
Size

164KB
MD5

242967789ef69a8f47d7692a400d3fa3
SHA1

694cb022f9f872c06ab2be63792c7f3353080559
SHA256

386756fedb3ab327d673b24c352a3158658a3d59185a8ffd3063de934205b7b1
SHA512

1226acebcf3a10b3e34a6b354b2567ebf99a88972828221414705434adaa93791fcc5fdd2c370c5617d6f318afc8fa0ad5928ee4ebba8b8e18e45b8d536be47b
SSDEEP

1536:u6RQxR1Hgur/cgllYSNW2F6Q95xdZ+T6lAj:YR1AuwQ95xdZ+iS

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
386756fedb3ab327d673b24c352a3158658a3d59185a8ffd3063de934205b7b1

Files

386756fedb3ab327d673b24c352a3158658a3d59185a8ffd3063de934205b7b1
.exe windows:4 windows x86 arch:x86

633dfa50ce92ff394a805f502a1c9d28

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetStartupInfoA
GetModuleHandleA
ExitProcess
GetCommandLineA
GetProcessHeap
CreateDirectoryA
GetCommandLineW
lstrlenA
LoadLibraryA
WriteProcessMemory

gdi32

TextOutA

shell32

CommandLineToArgvW

user32

LoadAcceleratorsA
LoadIconA
RegisterClassExA
GetMessageA
LoadStringA
TranslateMessage
DispatchMessageA
BeginPaint
EndPaint
TranslateAcceleratorA
LoadCursorA
ShowWindow
CreateWindowExA
DefWindowProcA
SendMessageA
DestroyWindow
PostQuitMessage
SetFocus
UpdateWindow

wtsapi32

WTSEnumerateProcessesA
WTSLogoffSession
WTSQuerySessionInformationA
WTSWaitSystemEvent

Sections

UPX0
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE