b7fafb346ea5a95ddfba454bdd7a0730a717992faf40923328d8ebbbdcbea88c | Triage

Sharing

General

Target

b7fafb346ea5a95ddfba454bdd7a0730a717992faf40923328d8ebbbdcbea88c
Size

125KB
MD5

a891c843d76d0ff0738e6219d00ed006
SHA1

a35afcaf2885fa223d4663cf5d3604a6709bbb76
SHA256

b7fafb346ea5a95ddfba454bdd7a0730a717992faf40923328d8ebbbdcbea88c
SHA512

399fecbb0f52e0048d03fb0b5a3cbb5861df514f977406bc5870b47a96d909989e3fa28f4f18342e9dbf1abbf73ba5107917f83cfb7757da0188bdc58501b49f
SSDEEP

384:2Q/VTtY/7iMmQgVCO02JWuCSPmSQAt6SVT9Nm8pPHAsqFaB8wdCMtZub5oqDopm2:dUF2JTPRQAJi85Lqa2MtXcoELS

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7fafb346ea5a95ddfba454bdd7a0730a717992faf40923328d8ebbbdcbea88c

Files

b7fafb346ea5a95ddfba454bdd7a0730a717992faf40923328d8ebbbdcbea88c
.exe windows:4 windows x86 arch:x86

e59e072cfa70aee4155c6fddecf3a7bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
HeapCreate
HeapAlloc
GetVersion
ExitProcess
FreeLibrary
GetLastError
GetTickCount
InterlockedDecrement
InterlockedIncrement
CloseHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
HeapDestroy
QueryPerformanceCounter
LCMapStringW
InitializeCriticalSection
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
GlobalMemoryStatusEx

msacm32

acmStreamOpen

user32

GetMessageA
DefWindowProcA
PostQuitMessage
InvalidateRect
SetWindowPos
EndPaint
GetWindowTextA
GetWindowTextLengthA
GetClientRect
BeginPaint
SetWindowTextA
MsgWaitForMultipleObjects
IsWindow
CreateCaret
ShowCaret
HideCaret
DestroyCaret
LoadIconA
RegisterClassA

winmm

waveOutClose

Sections

vJYWoZsO
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kixvRMeb
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE