559c0656137388a2984328ae83c153d0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

559c0656137388a2984328ae83c153d0N.exe
Size

232KB
MD5

559c0656137388a2984328ae83c153d0
SHA1

08f08a79017e105d77e5ea08480bbd630c5ee95d
SHA256

7671f4db500f32569d0c2ceddf87950be31f7e00ad98b62aff4aa44312c1fff2
SHA512

92b7118abf287c1d0a7ed25fb09d0f6879eb468b5a75b692e930640eb1e4d9cb2f3778d4a428386500b550d4fe57a5eb5a0148c1a2cf9bdfa2840d15572f6822
SSDEEP

3072:y6bUXIUuQsBofOWGd2Mm+HGsUgZGCez+PIn:y6zPdd2MmUtUg2ln

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
559c0656137388a2984328ae83c153d0N.exe

Files

559c0656137388a2984328ae83c153d0N.exe
.exe windows:4 windows x86 arch:x86

ea07f2ac192cd31dd964086469a4b1df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCommandLineA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_winmajor
abort
atexit
calloc
fputc
fputs
free
fwrite
malloc
memcpy
memmove
memset
realloc
signal
sprintf
strcmp
strcpy
strlen
vfprintf
_write

Sections

UPX0
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE