1f4eed2c04c4a8bf8550ab480782ba818bed934efa55b862e7eb5bf64e62287b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f4eed2c04c4a8bf8550ab480782ba818bed934efa55b862e7eb5bf64e62287b
Size

116KB
MD5

9816db9dbb582adef4ed95b2e69459de
SHA1

6a8c961de36c502c1a5092f9df74587d09433ce2
SHA256

1f4eed2c04c4a8bf8550ab480782ba818bed934efa55b862e7eb5bf64e62287b
SHA512

16eca9226f8cd5c0d48f7cc2bf12fb3c9c06b6e6631f75c713db933d760fcb4aca231e9ab9ed4f08afa22b0fce7ea1cb50873a1360314553e8da6a233a69a22d
SSDEEP

768:tOVqs9clRzF/3oal3tayeg9bDSpWvTGAT:oo6clR5QE39eg9XSpaKk

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f4eed2c04c4a8bf8550ab480782ba818bed934efa55b862e7eb5bf64e62287b

Files

1f4eed2c04c4a8bf8550ab480782ba818bed934efa55b862e7eb5bf64e62287b
.exe windows:4 windows x86 arch:x86

32c6c5b6a5c1032b2cb113ee7845f79e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetCommandLineA
FindClose
CreateFileMappingA
DeleteFileA
CloseHandle
GetLastError

gdi32

CreateSolidBrush

user32

CreateWindowExA
TranslateMessage
DispatchMessageA
RegisterClassExA
PostQuitMessage
ShowWindow
UpdateWindow
DefWindowProcA
SendMessageA
LoadIconA
LoadCursorA
FillRect
GetDC
SetWindowPos
GetWindowRect
GetMessageA
PostMessageA

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE