989c75d4e386b807c18212aa5c9a3ae7d197ba8db29a6dc30bb07231fad6fdf4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

989c75d4e386b807c18212aa5c9a3ae7d197ba8db29a6dc30bb07231fad6fdf4
Size

126KB
MD5

40f8def7f813b4b95f243f3d96c674c3
SHA1

f88a8f0a64c7c746b654c3262f0febb941759999
SHA256

989c75d4e386b807c18212aa5c9a3ae7d197ba8db29a6dc30bb07231fad6fdf4
SHA512

3c18337b3f898f87f0b181b87f7e3b9dfe6b6569e33cfb4ea2e13a701ea440951799757fcebc37082ebec03f5a208de4e9886a7085f2b1fdf796e851fde573c6
SSDEEP

384:2Q/VTtY/7iMmQgVCO02JWuCSPmSQAt6SVT9Nm8pPHAsqFaB8wdCMtZub5oqDowiK:dUF2JTPRQAJi85Lqa2MtXcoPeL

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
989c75d4e386b807c18212aa5c9a3ae7d197ba8db29a6dc30bb07231fad6fdf4

Files

989c75d4e386b807c18212aa5c9a3ae7d197ba8db29a6dc30bb07231fad6fdf4
.exe windows:4 windows x86 arch:x86

e59e072cfa70aee4155c6fddecf3a7bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
GetVersion
ExitProcess
FreeLibrary
GetLastError
GetTickCount
InterlockedDecrement
InterlockedIncrement
CloseHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
HeapDestroy
QueryPerformanceCounter
LCMapStringW
InitializeCriticalSection
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
GlobalMemoryStatusEx

msacm32

acmStreamOpen

user32

GetMessageA
DefWindowProcA
PostQuitMessage
InvalidateRect
SetWindowPos
EndPaint
GetWindowTextA
GetWindowTextLengthA
GetClientRect
BeginPaint
SetWindowTextA
MsgWaitForMultipleObjects
IsWindow
CreateCaret
ShowCaret
HideCaret
DestroyCaret
LoadIconA
RegisterClassA

winmm

waveOutClose

Sections

vJYWoZsO
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kixvRMeb
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE