002e20db89778219550bc13dd0636fcffd632d6089a41080dddf09ddc420f28b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

002e20db89778219550bc13dd0636fcffd632d6089a41080dddf09ddc420f28b
Size

634KB
MD5

10a6c10af4c992797fa2ee49318120f9
SHA1

d38c51c07ccdacd83073e052ad12d97019fb1072
SHA256

002e20db89778219550bc13dd0636fcffd632d6089a41080dddf09ddc420f28b
SHA512

5ebd8e4a28fe2ede57b36fb397dd6ffc617a8f32b397944352a1b95020089221f14fb5c106393761bfa4a114df29106bd63513e530e9be60d5e2b094b9c09fbb
SSDEEP

6144:IooZIFH5nxz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1a:ISF151gL5pRTcAkS/3hzN8qE43fm78Vm

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
002e20db89778219550bc13dd0636fcffd632d6089a41080dddf09ddc420f28b

Files

002e20db89778219550bc13dd0636fcffd632d6089a41080dddf09ddc420f28b
.exe windows:4 windows x86 arch:x86

7909826cb72884560635663c8951a127

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA

advapi32

OpenProcessToken

user32

ExitWindowsEx

version

GetFileVersionInfoSizeA

ws2_32

WSAStartup

Sections

VHqxTUpa
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IaDsgWGk
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE