2c6382f7910b568f1158f41870298d35cc3b9e9eb08a426aceaa0372bf4c07dd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c6382f7910b568f1158f41870298d35cc3b9e9eb08a426aceaa0372bf4c07dd
Size

634KB
MD5

824e4edece26b17a25b00b06c72bf89f
SHA1

f6a6d352714a231b2c223a20e1340adf856a2590
SHA256

2c6382f7910b568f1158f41870298d35cc3b9e9eb08a426aceaa0372bf4c07dd
SHA512

c5a8ec60ca2eb8d686ecc3658bc6e67f715ca62d4c27c9be3266bbbca93af95fdb112c50f2e454f3c19ca2d104416acc2c4a6b55ca04ac0b0bddd00c228d0221
SSDEEP

6144:IooZIFH5nsz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1/:ISF1C1gL5pRTcAkS/3hzN8qE43fm78V7

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c6382f7910b568f1158f41870298d35cc3b9e9eb08a426aceaa0372bf4c07dd

Files

2c6382f7910b568f1158f41870298d35cc3b9e9eb08a426aceaa0372bf4c07dd
.exe windows:4 windows x86 arch:x86

7909826cb72884560635663c8951a127

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA

advapi32

OpenProcessToken

user32

ExitWindowsEx

version

GetFileVersionInfoSizeA

ws2_32

WSAStartup

Sections

VHqxTUpa
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IaDsgWGk
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE