252d407ef0cd0ab43f1c5471eecc33ce3ed466f6c7a975462afd117b9b4a9d13 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

252d407ef0cd0ab43f1c5471eecc33ce3ed466f6c7a975462afd117b9b4a9d13
Size

187KB
MD5

fb0cf10e740b394fbcc2eca99a204b2d
SHA1

d5c5a0986d4b7536c40034c3354659995b19624f
SHA256

252d407ef0cd0ab43f1c5471eecc33ce3ed466f6c7a975462afd117b9b4a9d13
SHA512

1021fc671b4b85b30d799a45201774dcd3d9ad525f843608b72c13d3640b9b56c99ca7c53b0f4f39dc2d124638bc5960459496488dd65828eb7e40493c72a8d8
SSDEEP

1536:uGqlsDoX3rDg+9RT38NKdPAFrvJ70h1YXnj3WCW2EW51HKSdq4F4A9H:uTCDYDg+vr87rnj3WCW2EW51HKKn4A9H

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
252d407ef0cd0ab43f1c5471eecc33ce3ed466f6c7a975462afd117b9b4a9d13

Files

252d407ef0cd0ab43f1c5471eecc33ce3ed466f6c7a975462afd117b9b4a9d13
.exe windows:4 windows x86 arch:x86

7909826cb72884560635663c8951a127

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA

advapi32

OpenProcessToken

user32

ExitWindowsEx

version

GetFileVersionInfoSizeA

ws2_32

WSAStartup

Sections

VHqxTUpa
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IaDsgWGk
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE