c4ec4f5ca68cbad6173afd41b8fd0c52 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c4ec4f5ca68cbad6173afd41b8fd0c52
Size

436KB
MD5

c4ec4f5ca68cbad6173afd41b8fd0c52
SHA1

2a8cda5daea848ebf47a77e3e248061dbb03e6e3
SHA256

0edbaa91b1d2b1ede053012ad0f8d5630d80c4a6d62f6dc58b49c9d8d8614869
SHA512

4170ff55a18b008879e894964528d2179a5dcbc42a6e35427050610514b0da078c012a5f505111fb41d7fe5fb736359857c2913df5cb037198dc85bf4792d656
SSDEEP

3072:Oloo3rA4graUk5npxpN76SNCZteSnrS0xNSBYsKnI:oZUbkR513UZtDS0aYsK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4ec4f5ca68cbad6173afd41b8fd0c52

Files

c4ec4f5ca68cbad6173afd41b8fd0c52
.exe .js windows:4 windows x86 arch:x86 polyglot

4eee10b90480b06c0c3cffab1cbd10ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
GetCommandLineA
GetVersion
HeapFree
GetLastError
CloseHandle
WriteFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE