c6550730963ae701d375519fe0040963ff9f9c547052f288c9e6f3708d928224 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c6550730963ae701d375519fe0040963ff9f9c547052f288c9e6f3708d928224
Size

448KB
MD5

ec98ab4b48b40be751dafc6933dab7c6
SHA1

dd1ef260e7d19efd64282448077d4522016628ee
SHA256

c6550730963ae701d375519fe0040963ff9f9c547052f288c9e6f3708d928224
SHA512

88cd0b17e8240411471b0064db60a9f385a9eaf2538c6d1aafcdd0c7681bbbcd86d6a9a29e3a6e14d77a52c41e2a30c1441fe0ab2c09601458aa043ada9a50d4
SSDEEP

6144:BlzorUBKKSP5uqCCXVES8OLamr3RLx5lH:BtJBzm583m3vP

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6550730963ae701d375519fe0040963ff9f9c547052f288c9e6f3708d928224

Files

c6550730963ae701d375519fe0040963ff9f9c547052f288c9e6f3708d928224
.exe windows:5 windows x86 arch:x86

b4f39bb6c500ec996b267417473895e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateFileA
GetTickCount
GetModuleHandleA
GetCommandLineA
GetProcAddress
GetStartupInfoA
ExitProcess

advapi32

RegOpenKeyA

gdi32

SelectObject
DeleteDC
CreateCompatibleDC
BitBlt

user32

GetSystemMetrics
LoadBitmapA
GetMessageA
LoadIconA
LoadMenuA
PostQuitMessage
RegisterClassExA
ReleaseDC
SetMenu
ShowWindow
TranslateMessage
UpdateWindow
LoadIconW
GetDC
EndPaint
DispatchMessageA
DefWindowProcA
CreateWindowExA
BeginPaint
LoadCursorA

Sections

UPX0
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE