cc60b803237741656c2bd1add9dd5a25 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cc60b803237741656c2bd1add9dd5a25
Size

31KB
MD5

cc60b803237741656c2bd1add9dd5a25
SHA1

de610c6156f97de4d7ae4b9b001990733120d034
SHA256

5b8716b5b27ead148ab99794f753a896b73a699fa2a86e839e5218c6950592a3
SHA512

77ab763026f84c0d0690c5dd20ca9dc77a554ddf2330eee3a4cead561712fcb0e5ff4432c7bf552f9e43873f43e04ce0048d6d8881c17382d336ce08f7985156
SSDEEP

384:0zVHbpZCfZVN0sL/VtszqFfIy+A2NHCySlsnvR9IvJNLg:0FHGZVvLbszq+y+5NHXSlgsBNL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc60b803237741656c2bd1add9dd5a25

Files

cc60b803237741656c2bd1add9dd5a25
.exe windows:4 windows x86 arch:x86

a12a16d47b47ce0a60665c0637c99926

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetTempFileNameA
GetSystemDirectoryA
GetTempPathA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
FindResourceA
GetProcAddress
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLastError
DeleteFileA
SizeofResource
LoadResource
LockResource
CreateFileA
WriteFile
CloseHandle
GetModuleFileNameA
GetShortPathNameA
lstrcpyA
lstrcatA
GetCurrentProcess
GetEnvironmentVariableA

advapi32

RegFlushKey
RegDeleteKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegRestoreKeyA
RegCloseKey
RegSaveKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

msvcrt

strrchr
??2@YAPAXI@Z
memset
strcpy
_mbscmp
_mbsrchr
sprintf
strncpy
strlen
strcat

shell32

StrCmpNIA
ShellExecuteA

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE