e1b83d95a97da9c879b29bcd07e9f91fc94f41df347670f1db159cf0be72c114 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1b83d95a97da9c879b29bcd07e9f91fc94f41df347670f1db159cf0be72c114
Size

2.2MB
MD5

ebe0926afde3ff6fbd657eb7da80b761
SHA1

e63bcfd586093879d7778fdf1007bba1f967ea85
SHA256

e1b83d95a97da9c879b29bcd07e9f91fc94f41df347670f1db159cf0be72c114
SHA512

b9d9be7bdb4131e23ed7d6649b8bb054d896c1679ebe4ac668dc5938e4b0f953e4adf3039a4e30b901bc42035bea7d80b6c655fbe998cf1afdb1ad41ec840021
SSDEEP

24576:bzewf6SZDDiP/kRyVDy2u+2arRRq7h6dnZtRQAPwp/M14Z:+FMDDiP/vgHhQRQ6s

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1b83d95a97da9c879b29bcd07e9f91fc94f41df347670f1db159cf0be72c114

Files

e1b83d95a97da9c879b29bcd07e9f91fc94f41df347670f1db159cf0be72c114
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

AddUrlToFavorites
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllRegisterWindowClasses
DllUnregisterServer
DoAddToFavDlg
DoFileDownload
DoFileDownloadEx
DoOrganizeFavDlg
HlinkFindFrame
HlinkFrameNavigate
HlinkFrameNavigateNHL
IEWriteErrorLog
OpenURL
SHAddSubscribeFavorite
SHGetIDispatchForFolder
SetQueryNetSessionCount
SoftwareUpdateMessageBox
URLQualifyA
URLQualifyW

Sections

UPX0
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 690KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE