c192ea5c543195ee7ff5f859df783c8be18bae862c012695588287a63b08063d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c192ea5c543195ee7ff5f859df783c8be18bae862c012695588287a63b08063d
Size

121KB
MD5

1f8154145add130e7f92cfaa5d4f38a7
SHA1

7ed06dfad9b512d1b4739f35d2dbed73da91a7fc
SHA256

c192ea5c543195ee7ff5f859df783c8be18bae862c012695588287a63b08063d
SHA512

07359d636748c83c51bb3d41f2153f0c7cb44b22e57d24269816776190a4777720033f199a68074f5c67a323d4bbaabfd9c816362ed25bbf882707c0b737a53e
SSDEEP

3072:Aq/5jPUtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7Zsro:AqBjctdgI2MyzNORQtOfl1qNVo7R+S+f

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c192ea5c543195ee7ff5f859df783c8be18bae862c012695588287a63b08063d

Files

c192ea5c543195ee7ff5f859df783c8be18bae862c012695588287a63b08063d
.exe windows:5 windows x86 arch:x86

25ac755abf0fc6158d5678856d4a2335

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetCommandLineA
GetLastError

gdi32

TextOutA

user32

LoadIconA
SendMessageA
DefWindowProcA
RegisterClassExA
CreateWindowExA
LoadBitmapA
TranslateMessage
LoadCursorA
DispatchMessageA
EndPaint
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
FillRect
GetWindowRect
KillTimer
SetWindowPos
BeginPaint
SetTimer

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE