ea1b164ce12d00258b692f140c76fc00N[.]exe | Triage

Sharing

General

Target

ea1b164ce12d00258b692f140c76fc00N.exe
Size

280KB
MD5

ea1b164ce12d00258b692f140c76fc00
SHA1

da439d15bd358cefea96dcfb283677d55ea4cfff
SHA256

8a761ddb9b6ae2be0889d0d4e1ec032ea40665c85bb75819276682116fbbe9bf
SHA512

6251859dba3edabd885e8796ed6a55acc0656d4aedac6a66e92012b0d51a9abb24cfa860f0cc140f16430628a377b7b9b431ad631731bea75d6d286868116102
SSDEEP

1536:iPE5tgNmHQTAOo4Z6IL3lADK9s9aVD/y/a3933QL5D9199Kh3eOWchkhDxDL29eG:iM5lQPZ/zlJ6abkzDzdARxkazB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea1b164ce12d00258b692f140c76fc00N.exe

Files

ea1b164ce12d00258b692f140c76fc00N.exe
.exe windows:4 windows x86 arch:x86

fda0b783c79c0d3e15c053151eccc9b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetStdHandle
GetEnvironmentVariableA
GetVersionExA
FlushFileBuffers
GetStringTypeW
CloseHandle
LCMapStringW
LCMapStringA
GetStringTypeA
SetStdHandle
LoadLibraryA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetTickCount
GetFileType
SetFilePointer
MultiByteToWideChar
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetLastError
GetOEMCP
HeapAlloc
GetCPInfo
GetACP
VirtualAlloc
HeapReAlloc
GetProcAddress

gdi32

CreateSolidBrush

user32

DialogBoxParamA
GetDlgItem
SetDlgItemTextA
GetWindowRect
SendMessageA
GetDesktopWindow
EndDialog
SetWindowPos
LoadIconA

Sections

UPX0
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE