ab7a2c0354317dcdd0aa52dad6db7efdfe893f5c59d1b9a80ffc2543798eee49 | Triage

Sharing

General

Target

ab7a2c0354317dcdd0aa52dad6db7efdfe893f5c59d1b9a80ffc2543798eee49
Size

123KB
MD5

b41d560dbc8926d7ffae8ae2d2cf919a
SHA1

240c7d74285b5b359e0992ad87538b2712f374bf
SHA256

ab7a2c0354317dcdd0aa52dad6db7efdfe893f5c59d1b9a80ffc2543798eee49
SHA512

0b2ca07ff048fb6d2e82845a2a9885f6abe3c20d5cd0367a4a3e72c591fd67ce9dc9a286e13b7668939cd2024ec3546bc10d4a451ba0a56f00d952629310137a
SSDEEP

384:cRoSBvlx11/As+JirH6KvlDSXqjSyC8M4PzM+ikSAJMs:jK1/As+4rV68SyC8JQ+i8/

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab7a2c0354317dcdd0aa52dad6db7efdfe893f5c59d1b9a80ffc2543798eee49

Files

ab7a2c0354317dcdd0aa52dad6db7efdfe893f5c59d1b9a80ffc2543798eee49
.exe windows:4 windows x86 arch:x86

2a57cf8eff524c5b829a21fbcb23a1c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetModuleHandleA
CloseHandle
GetVersionExA
ExitProcess

user32

GetWindowTextW
SetCapture
GetActiveWindow
IsChild
SendMessageA
MessageBoxA
TrackPopupMenu
CreateWindowExA
TranslateMessage
DispatchMessageA
GetMessageA
PostQuitMessage
ShowWindow
FlashWindowEx
GetKeyState
TranslateAcceleratorA
RegisterClassA
DefWindowProcA
GetDlgItemTextA

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE