afae57ef14d24f575a4fb1a0dd68e9ddf2b3291a8073f197a07f467cd30da2ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

afae57ef14d24f575a4fb1a0dd68e9ddf2b3291a8073f197a07f467cd30da2ef
Size

576KB
MD5

5a32ac2590fe54fcccc2cd0b3d45deef
SHA1

bdadde76aea1596d87fb27c575993d47c930928c
SHA256

afae57ef14d24f575a4fb1a0dd68e9ddf2b3291a8073f197a07f467cd30da2ef
SHA512

6a68c1d6ec3006420757d1b930ee1c1c1c3fad8d31502a909d10f59b3fc5a5defaf9da5e4affa57d0a98fb6f4fa281c2e1ed1676e3fba6607b5db0e84c8eed06
SSDEEP

6144:bXcR+Pd2MmUKUgMO1o2uyuyyyyy2lLtdF2Uvfbc:Dcymi2Yv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afae57ef14d24f575a4fb1a0dd68e9ddf2b3291a8073f197a07f467cd30da2ef

Files

afae57ef14d24f575a4fb1a0dd68e9ddf2b3291a8073f197a07f467cd30da2ef
.exe windows:4 windows x86 arch:x86

ea07f2ac192cd31dd964086469a4b1df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCommandLineA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_winmajor
abort
atexit
calloc
fputc
fputs
free
fwrite
malloc
memcpy
memmove
memset
realloc
signal
sprintf
strcmp
strcpy
strlen
vfprintf
_write

Sections

UPX0
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE