48610b5a98c906de9587a1708a485bdda61549164bac31a43fd13e8d1e5b4c8d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

48610b5a98c906de9587a1708a485bdda61549164bac31a43fd13e8d1e5b4c8d
Size

125KB
MD5

9da30d6a3bf173ab35e4241300d952fc
SHA1

c95112c0dac72960a5232bc5e6dacf5b39ca7e71
SHA256

48610b5a98c906de9587a1708a485bdda61549164bac31a43fd13e8d1e5b4c8d
SHA512

6af0cffadf429ed146145c16e54f58b1dbdf572bb927315ba0e0f9d67122b7610267ec9aa44397f762ff034ce467971654600ce42cf0b58d663bc3dd15f3b437
SSDEEP

384:2Q/VTtY/7iMmQgVCO02JWuCSPmSQAt6SVT9Nm8pPHAsqFaB8wdCMtZub5oqDopmF:dUF2JTPRQAJi85Lqa2MtXcoELJ

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48610b5a98c906de9587a1708a485bdda61549164bac31a43fd13e8d1e5b4c8d

Files

48610b5a98c906de9587a1708a485bdda61549164bac31a43fd13e8d1e5b4c8d
.exe windows:4 windows x86 arch:x86

e59e072cfa70aee4155c6fddecf3a7bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
GetVersion
ExitProcess
FreeLibrary
GetLastError
GetTickCount
InterlockedDecrement
InterlockedIncrement
CloseHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
HeapDestroy
QueryPerformanceCounter
LCMapStringW
InitializeCriticalSection
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
GlobalMemoryStatusEx

msacm32

acmStreamOpen

user32

GetMessageA
DefWindowProcA
PostQuitMessage
InvalidateRect
SetWindowPos
EndPaint
GetWindowTextA
GetWindowTextLengthA
GetClientRect
BeginPaint
SetWindowTextA
MsgWaitForMultipleObjects
IsWindow
CreateCaret
ShowCaret
HideCaret
DestroyCaret
LoadIconA
RegisterClassA

winmm

waveOutClose

Sections

vJYWoZsO
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kixvRMeb
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE