8c6cda80599501163bda35562d5b1511c437834982d83235d8211ed23cf4058a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c6cda80599501163bda35562d5b1511c437834982d83235d8211ed23cf4058a
Size

121KB
MD5

5603f301d3f3a6fbf96f2d804b21f2bc
SHA1

db2f8494a23d09f3b15bdaa7b85bc75c2a0dcafe
SHA256

8c6cda80599501163bda35562d5b1511c437834982d83235d8211ed23cf4058a
SHA512

85401706fb75f8a3383c2212be3e8cc5f7f9c530321b8ffa8943094c275ec62d99c0e867307927fa6b679016f592504258ff8cda0d384509956ecc9721736677
SSDEEP

384:c8JRWZu9f0xz6N0VUd9rQD9pJRWZu9DF0l76YLCZljNhL4:c8JexeNxrQDJZ27FCvjo

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c6cda80599501163bda35562d5b1511c437834982d83235d8211ed23cf4058a

Files

8c6cda80599501163bda35562d5b1511c437834982d83235d8211ed23cf4058a
.exe windows:4 windows x86 arch:x86

5db373b599febd129ea1646eaa3faf4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
LoadLibraryW
FindClose
HeapCreate
CloseHandle
FindFirstFileW
CreateFileW
FindNextFileW
WriteFile
ReadFile
GetStartupInfoA

comctl32

ord17

user32

UpdateWindow
ShowWindow
DefWindowProcW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
SetWindowTextW
PostMessageW
GetWindowTextW
RegisterClassW

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE