95ac7536425272a3f4771c799606053c12f587bc291aa06afdc1ef29f2b5a019 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

95ac7536425272a3f4771c799606053c12f587bc291aa06afdc1ef29f2b5a019
Size

58KB
MD5

e857824feb43e753a9758b2a6da0ff9b
SHA1

3d2a117e62256484e5bfeea8a52325ae76361e17
SHA256

95ac7536425272a3f4771c799606053c12f587bc291aa06afdc1ef29f2b5a019
SHA512

70ae3580226a60b266a56eaa7325aedfb1e353b9b693b94d795002384e9dcbce68f37ced742827fc879aa45204767410c285a10c1b39ebefb4e356f21db88935
SSDEEP

768:ytrJ9Qhtn2SSOcDw1RUTPEZh3OGtrJ9Qhtn2mSOitrJ9Qhtn2mSOiS:ytri2/OcpbEpOGtri2jOitri2jOiS

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95ac7536425272a3f4771c799606053c12f587bc291aa06afdc1ef29f2b5a019

Files

95ac7536425272a3f4771c799606053c12f587bc291aa06afdc1ef29f2b5a019
.exe windows:4 windows x86 arch:x86

802dcac7aab948c19738ba3df9f356d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strcmp
memmove
memcpy
strncpy
strlen

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
HeapAlloc
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetTickCount
TlsGetValue
CopyFileA
WriteFile
HeapFree
CreateFileA
SetFilePointer
GetFileSize
ReadFile
EnterCriticalSection
HeapReAlloc
LeaveCriticalSection
TlsFree
GetLastError
SetLastError
WaitForMultipleObjects
GetCurrentProcess
GetCurrentThread
DuplicateHandle
CreateSemaphoreA
CreateThread
ReleaseSemaphore

Sections

.code
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ