07080e512101dfb99d8962114efe6516565a5b210b12821e5d328944e1e7f88f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

07080e512101dfb99d8962114efe6516565a5b210b12821e5d328944e1e7f88f
Size

561KB
MD5

d8b7bf17454297e3611ac37f54c67ac8
SHA1

fd93bf0d377f13f97c9f2238d9c75c73e3686cdd
SHA256

07080e512101dfb99d8962114efe6516565a5b210b12821e5d328944e1e7f88f
SHA512

0574956b409249cd11edc8daca47f11c30f1fbd03f9f1384774e3d56684e8492cab2e9aef616beb0274dead4618d4a4c49133930e089b5285b0eebeaec292041
SSDEEP

6144:0ijjUslRX2WzDjIhaosFqbLjuZ/El1Gdh3X2j82C1DOlMM0EaKnRMjpDuKrFjZv/:Pj4slRXL/OKHmj82CVLfuCn1gq3L

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07080e512101dfb99d8962114efe6516565a5b210b12821e5d328944e1e7f88f

Files

07080e512101dfb99d8962114efe6516565a5b210b12821e5d328944e1e7f88f
.exe windows:4 windows x86 arch:x86

53b338a5a343440770be2403e59415fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesExA
HeapDestroy
HeapFree
QueryPerformanceCounter
Sleep
HeapCreate
HeapAlloc
GetProcessHeap
ExitProcess
GetModuleFileNameA
GetTickCount
GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree
IsBadReadPtr
lstrcmpiA
FreeLibrary
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
WriteFile
GetLastError
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle

Sections

UPX0
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE