d553e6ccc3ab49ca64d3972d33f30358 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d553e6ccc3ab49ca64d3972d33f30358
Size

112KB
MD5

d553e6ccc3ab49ca64d3972d33f30358
SHA1

1a40dd64db87a76c4274b150dca4a12feeadee72
SHA256

71f389ad9263e2c34f53ca64330820aa1c9105cc6f35493ccadbb2c1d239d2d8
SHA512

05164062aea5ff009742895cdcbbfa6ee21fd87d82b2b48198dfa09156924e40cc70f7ccab479c35feddf948f059c1f24e635cc2f93888c286c44654a9c3d569
SSDEEP

1536:4iecPjZJcfBO4Vv7SfzrhDRCYeb8nMmcga8Ob6Dh8JR3Bnn1w1V67gl66RidlC6E:4inbZJ6YK70NRCQii1VqMidj58Ie

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d553e6ccc3ab49ca64d3972d33f30358

Files

d553e6ccc3ab49ca64d3972d33f30358
.exe windows:4 windows x86 arch:x86

81ceef63a557c21e99a90eeedd6337be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr71

tolower
malloc
getenv
exit
printf
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
strstr
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
__getmainargs
free

kernel32

GetModuleHandleA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 958B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE