e7d78a8d66490cb3ed8a9bffd4b470c7a5737a04b254f5c5ff19cf9016b23a2c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e7d78a8d66490cb3ed8a9bffd4b470c7a5737a04b254f5c5ff19cf9016b23a2c
Size

476KB
MD5

22966e9c567e93a6cba67be83d256167
SHA1

4b94de815fc934ecabd4a470f8b9e9cf89cd4b9f
SHA256

e7d78a8d66490cb3ed8a9bffd4b470c7a5737a04b254f5c5ff19cf9016b23a2c
SHA512

068e7eae21a791068217df144c9359d3d40924ef22c8034cd08bbabda50933a562b8daf892cef8bb02f95eb7278120edc6f97338e849c9250c49acb71046e31f
SSDEEP

6144:67lNs0eczeGGZQ0FdQv6Z0F9Oa5WfWuJPfoGqJ:mleOeI+Qiy9pyfG

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7d78a8d66490cb3ed8a9bffd4b470c7a5737a04b254f5c5ff19cf9016b23a2c

Files

e7d78a8d66490cb3ed8a9bffd4b470c7a5737a04b254f5c5ff19cf9016b23a2c
.exe windows:4 windows x86 arch:x86

e6ebf7b84f3a3d57bf736c4da20ccfb9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
CreateFileW
DeleteCriticalSection
HeapReAlloc
HeapAlloc
ExitProcess
SetEvent
CreateEventA
FormatMessageW
FormatMessageA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
WriteFile
ReleaseMutex
RaiseException
lstrcpyA
lstrlenA
WaitForMultipleObjects
InterlockedIncrement
InterlockedExchange
Sleep

advapi32

RegOpenKeyA

user32

LoadCursorW

Sections

UPX0
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE