c37abe312421560d0747c2a79159b829b63335cedf11eac393861b2524bf3eab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c37abe312421560d0747c2a79159b829b63335cedf11eac393861b2524bf3eab
Size

121KB
MD5

85af0ffcf81f919e130f52a4df30e5b7
SHA1

fcd9cbefa02b79a9b2c6eb5f563942f5ec493fdd
SHA256

c37abe312421560d0747c2a79159b829b63335cedf11eac393861b2524bf3eab
SHA512

6c3aeeb8506a9265103eafa721dfb150e91bba8c684f889983cbf7a88b08d37c055a8f6c81ea4a509f4d69473d128a1f503cd6d5b964de1b76b1b11561146143
SSDEEP

3072:Aq/5jPUtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsrI:AqBjctdgI2MyzNORQtOfl1qNVo7R+S+P

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c37abe312421560d0747c2a79159b829b63335cedf11eac393861b2524bf3eab

Files

c37abe312421560d0747c2a79159b829b63335cedf11eac393861b2524bf3eab
.exe windows:5 windows x86 arch:x86

25ac755abf0fc6158d5678856d4a2335

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetCommandLineA
GetLastError

gdi32

TextOutA

user32

LoadIconA
SendMessageA
DefWindowProcA
RegisterClassExA
CreateWindowExA
LoadBitmapA
TranslateMessage
LoadCursorA
DispatchMessageA
EndPaint
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
FillRect
GetWindowRect
KillTimer
SetWindowPos
BeginPaint
SetTimer

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE