20240830baaaf1539a72ab606ebdb8f3fc1b9e79satana | Triage

Sharing

General

Target

20240830baaaf1539a72ab606ebdb8f3fc1b9e79satana
Size

144KB
MD5

baaaf1539a72ab606ebdb8f3fc1b9e79
SHA1

edcc94fcc1bb8c70e5ee2d558e22ba3af9350b88
SHA256

cd2b9754497e4b364242705cc435703bc110e1631ff3ec3064f8d05e55e6b268
SHA512

f260103ba23e4a6bd9b6b5ddcf84bf6a1f51d41dfb6624cc736e713443da1b860e4a21983c50d71e86004f936aa82b78df916a9a57434119d03ce8eccb5366ca
SSDEEP

768:oebF010RFnAwJM7MiqwecUaX5h4IuCdYa+XLXTGY1idL2WYiwtwq6gTl7:oep010vnAOIUaJh4IXdWXLXTWLfuR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
20240830baaaf1539a72ab606ebdb8f3fc1b9e79satana

Files

20240830baaaf1539a72ab606ebdb8f3fc1b9e79satana
.exe windows:5 windows x86 arch:x86

6994c55e4441976b5d6be5330caaaa64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
OutputDebugStringA

ntdll

vsprintf
memmove
NtYieldExecution
strchr
strncpy
_stricmp
memset

opengl32

glEnd
glEnable
glLineWidth
glPolygonMode
glColor3d
glBegin
glDisable
glClear
glPointSize
glLineStipple
glVertex3d

user32

MessageBoxA

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE