23a825f684cd5afc1bb4a6070534d1c06f228b4a1dcc8f02268716517d18b4b6N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

23a825f684cd5afc1bb4a6070534d1c06f228b4a1dcc8f02268716517d18b4b6N
Size

260KB
MD5

fe9b93923e7b820474a1555c755d71e0
SHA1

1e53d60dd3ddd14951cecb2d2221c7dc177abda1
SHA256

23a825f684cd5afc1bb4a6070534d1c06f228b4a1dcc8f02268716517d18b4b6
SHA512

b7da2b3c908e2d39b10b4c6c0d619f62fa12f87926528b7537aef76efde44caad6e947142331f34cf4998c94aabd63209fb9a092419b4f9b2a2e1d28dcd9f54c
SSDEEP

3072:vxQAR5v4taTi5qcfewiPwBryBrgIXiJZRIRi4/zOlzmF:6GvbTi5qcfewiPwqgIXaZR14/zWA

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23a825f684cd5afc1bb4a6070534d1c06f228b4a1dcc8f02268716517d18b4b6N

Files

23a825f684cd5afc1bb4a6070534d1c06f228b4a1dcc8f02268716517d18b4b6N
.exe windows:7 windows x86 arch:x86

7520e7ebef1ce3345dba145bfa084430

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
CreateDirectoryA
FindFirstFileA
FindNextFileW
ExpandEnvironmentStringsA
CreateFileA
GetCommandLineA
BackupRead
FindFirstFileW
CloseHandle
CreateDirectoryW
FileTimeToSystemTime
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
DeleteFileA
FormatMessageA
CreateThread
DeviceIoControl
CompareStringW
VirtualAlloc
FreeLibrary
ExitProcess
CompareStringA
FlushFileBuffers
CopyFileExW

advapi32

SetEntriesInAccessListA

imm32

ImmEnumInputContext

secur32

SaslInitializeSecurityContextA

shell32

SHGetFileInfoW

user32

CharLowerA
CharToOemBuffA
CharLowerW
CharUpperA
OemToCharA
CharUpperW
ExitWindowsEx
ImpersonateDdeClientWindow
CharToOemA
MessageBoxA
LoadStringA

Sections

UPX0
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE