a80de2234c20ed292c69920fdc198c6846c27de6036e8b4d84fcbb0abe4aba9d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a80de2234c20ed292c69920fdc198c6846c27de6036e8b4d84fcbb0abe4aba9d
Size

122KB
MD5

83ccd22998599b9a65014e0dce3db4f5
SHA1

3c884b05929381c2d40f08447ec6fcb9d47125d7
SHA256

a80de2234c20ed292c69920fdc198c6846c27de6036e8b4d84fcbb0abe4aba9d
SHA512

4ccf809b37aff3c623b814b616d10a509fb498a7c41a10e6e0c3262ed1996edcb2f6b49aabd2f7c89845aa6d23d605f269dd77e44ccbabd84fc2146d926a8738
SSDEEP

768:1+qNQMQsd+qQ5Jl6lflqBxRlHzZN2zQ9k:gqYquelqBxRlHzZN2zQi

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a80de2234c20ed292c69920fdc198c6846c27de6036e8b4d84fcbb0abe4aba9d

Files

a80de2234c20ed292c69920fdc198c6846c27de6036e8b4d84fcbb0abe4aba9d
.exe windows:4 windows x86 arch:x86

584d7f9f9bf522c54a982429fb03b0d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetModuleHandleA
HeapCreate
CloseHandle
ExitProcess

user32

GetWindowTextW
SetCapture
GetActiveWindow
IsChild
SendMessageA
MessageBoxA
DefWindowProcA
TrackPopupMenu
LoadBitmapA
TranslateMessage
DispatchMessageA
GetMessageA
PostQuitMessage
ShowWindow
UpdateWindow
FlashWindowEx
GetKeyState
TranslateAcceleratorA
RegisterClassA
CreateWindowExA
GetDlgItemTextA

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE