Behavioral task
behavioral1
Sample
d5c88e0a804906af9c1fff63e3d0adc0N.exe
Resource
win7-20240903-en
General
Target
d5c88e0a804906af9c1fff63e3d0adc0N
Size
134KB
MD5
d5c88e0a804906af9c1fff63e3d0adc0
SHA1
56bed3466e731c852110f28d12425164e3546713
SHA256
2e117810d57c7b8f82fa0e8e79b3bfad92182b0648456d8c42bc7e1382781ca9
SHA512
8e319e2e3981636ce1e5d6c6a17cd3971496fd8ea186226c5565b3e8e0c828b8d31c20054468d0d789b781e7173f6c2ab1a40f1638849a312749b86463dc68be
SSDEEP
3072:273TTPHuMRz6NfPGHq+CsMp++xT/CCOcUd8KiCRQOvt2S9KZl:Uj7HuMueKpsMNlOXSjw9vXk
Malware Config
Signatures
resource yara_rule sample upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d5c88e0a804906af9c1fff63e3d0adc0N
Files
d5c88e0a804906af9c1fff63e3d0adc0N.exe windows:4 windows x86 arch:x86
9c8decf3582072f6edfc385a689f44f4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
CreateDirectoryA
CreateFileA
DeleteFileA
ExitProcess
FreeLibrary
GetCommandLineA
GetFileTime
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryA
lstrcatA
lstrcmpiA
RemoveDirectoryA
SetFileTime
VirtualAlloc
VirtualFree
WriteFile
Sections
UPX0 Size: - Virtual size: 148KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 74KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pebundle Size: 49KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pebundle Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE