c100c3893d71eb5bca73c7b0019d1ea7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c100c3893d71eb5bca73c7b0019d1ea7
Size

19KB
MD5

c100c3893d71eb5bca73c7b0019d1ea7
SHA1

57e855b7264e8ba0470e071180394617b29224ca
SHA256

a21fe4a1c07ee27a1721b8ff4bc8399b6eb1db74cf9df27f41b0eb90095fed98
SHA512

7329dd653a883b7b7cfb275c16b8e688830bd3f4f6cce659004cf318d9053648d286169a352457b9f67127ece35c76fba0b52768928eb92e73de4dae40a2ae79
SSDEEP

384:mZP95nA2Nw77rnpFlbi7qaRgcTCGJYRkX5Yi1epACqa67vvxlL:GPnAIapFlu7qaeyJN5YikKXa67D

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c100c3893d71eb5bca73c7b0019d1ea7

Files

c100c3893d71eb5bca73c7b0019d1ea7
.exe windows:4 windows x86 arch:x86

fabba3cf328658bb6a9da2d4492a25fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

shell32

ShellExecuteA

mfc42

ord1575

msvcrt

exit

msvcp60

??1_Winit@std@@QAE@XZ

Sections

.UPXVER1
Size: 15KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPXVER2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE