52c1e114534e588e4dad97278531a1a21adf1970ee929cbafa4d1605a2833219 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52c1e114534e588e4dad97278531a1a21adf1970ee929cbafa4d1605a2833219
Size

4.3MB
MD5

81c1b90bf2a3027ed3318be79348ef3e
SHA1

b4ea5f40c85c4bb1173d679348973327416da140
SHA256

52c1e114534e588e4dad97278531a1a21adf1970ee929cbafa4d1605a2833219
SHA512

28769da4fe18830b6204701d54a47c464c81088aed21105c52f60bbfd4b5210da647e8410f25c9281da8770ba84c80e2e7fc911b855915f19940918d71d4c177
SSDEEP

98304:KtHi5ICZIHTC0pFA49iHKTX85Ja4EaUvQQ332PD:h7SHu0pFAHqo5IQN

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52c1e114534e588e4dad97278531a1a21adf1970ee929cbafa4d1605a2833219

Files

52c1e114534e588e4dad97278531a1a21adf1970ee929cbafa4d1605a2833219
.exe windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ