186cbdd2c6b3cb175badec25282ca75f6685996794ef15fcfa50e74eaf2122e2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

186cbdd2c6b3cb175badec25282ca75f6685996794ef15fcfa50e74eaf2122e2
Size

106KB
MD5

ca4a44e1ec569b4be8437ddc45641401
SHA1

fd50efd21661d1a7e1330e60b3ec8b48a7f14cd3
SHA256

186cbdd2c6b3cb175badec25282ca75f6685996794ef15fcfa50e74eaf2122e2
SHA512

8cc0c5c3e88af8aaafab9fa0e4051c3500a1b493da5a8d2f84a87c32d0dd52c974c698a1e823437a4c8b2ff3a61de2667d196cd008638f011f22eb390f5f3f11
SSDEEP

1536:+oXP6P2kbrPU8TVTtopmwru8sjDNdQA1bbQC+rHn9KF0qRcYuIbZ+YS5vgNWzpte:nyrvZwrjQDNdRYxJRIsBcx77

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
186cbdd2c6b3cb175badec25282ca75f6685996794ef15fcfa50e74eaf2122e2

Files

186cbdd2c6b3cb175badec25282ca75f6685996794ef15fcfa50e74eaf2122e2
.exe windows:5 windows x86 arch:x86

a43a38512da1f8b15e273b7213ff70e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DCOMCnfg.pdb

Imports

user32

MessageBoxW

kernel32

GetModuleHandleA
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
LocalFree
FormatMessageW
GetLastError
CreateProcessW
GetSystemDirectoryW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter

msvcrt

_c_exit
swprintf
_XcptFilter
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit

ntdll

NtQueryInformationProcess

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 100KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE