ecf07eab2d8f0ba480f8490f92bed5ca3dd1158d8c53ecf7db6299c2b2532e7a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ecf07eab2d8f0ba480f8490f92bed5ca3dd1158d8c53ecf7db6299c2b2532e7a
Size

112KB
MD5

808b70266ee2d70b3143a034379ab015
SHA1

3b18de3c0d14490cfb728727275ffd79867996df
SHA256

ecf07eab2d8f0ba480f8490f92bed5ca3dd1158d8c53ecf7db6299c2b2532e7a
SHA512

9ee9e526be1225eee3cc29bf0e02cb33ed36a3a74ad577f1c5521418ee431a6108046b502ea2d4b27c578728fc087ac6459e557b29e488ccd6375327c2b05c4b
SSDEEP

384:5pZVJZwlrRVHQ3bXykJBqhz9QhtGSdY5mez5ieVJZwlrRVeTpFE4bOh3Od1qTnI:LDw1RFtrJ9Qhtn1+5RDw1RUTPEVh3O2

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecf07eab2d8f0ba480f8490f92bed5ca3dd1158d8c53ecf7db6299c2b2532e7a

Files

ecf07eab2d8f0ba480f8490f92bed5ca3dd1158d8c53ecf7db6299c2b2532e7a
.exe windows:4 windows x86 arch:x86

d028ed91d908ca3f4bdbbbb8a346d246

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
HeapAlloc
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetTickCount
TlsGetValue
CopyFileA
WriteFile
HeapFree
CreateFileA
SetFilePointer
GetFileSize
ReadFile
EnterCriticalSection
HeapReAlloc
LeaveCriticalSection
TlsFree
GetLastError
SetLastError
WaitForMultipleObjects
GetCurrentProcess
GetCurrentThread
DuplicateHandle
CreateSemaphoreA
CreateThread
ReleaseSemaphore

msvcrt

memset
strcmp
memmove
memcpy
strncpy
strlen

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE