bc8d9f4b54e3dcb9e6b7895a520ae03c0b4fd481ebee144f9376d80a510d0672N | Triage

Sharing

General

Target

bc8d9f4b54e3dcb9e6b7895a520ae03c0b4fd481ebee144f9376d80a510d0672N
Size

100KB
MD5

9df652d8e3cce5af7aea424eb7681a80
SHA1

aef0aa52771a342cc6a6ca6d54f8364be49d1fa8
SHA256

bc8d9f4b54e3dcb9e6b7895a520ae03c0b4fd481ebee144f9376d80a510d0672
SHA512

e457cdd5f0de939cf1224f02e420153163f0f2423d413be7585c7d80eb4bbb6b9b3c89fb73d8005b5212af5f95f0db09f75887c6bf17ce16280207a259e31709
SSDEEP

384:Vt5rXsz+w7FsvoohQ/t5rIZ3uJGYSa/VSeL:dROFsAohQDU0/

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc8d9f4b54e3dcb9e6b7895a520ae03c0b4fd481ebee144f9376d80a510d0672N

Files

bc8d9f4b54e3dcb9e6b7895a520ae03c0b4fd481ebee144f9376d80a510d0672N
.exe windows:4 windows x86 arch:x86

dca0885bebee7e21505701ff99e5ec0e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
ExitThread
ExpandEnvironmentStringsA
CreateProcessA
CloseHandle
CreateThread
GetVersionExA
GetLocaleInfoA
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
lstrcmpiA
GetFileAttributesA
SetFileAttributesA
CopyFileA
SetErrorMode
CreateMutexA
GetLastError
ExitProcess
GetWindowsDirectoryA
Sleep

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey

msvcrt

fopen
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fprintf
fclose
malloc
strstr
strtok
strncpy
rand
sprintf
_snprintf
srand

user32

wsprintfA

ws2_32

inet_addr
gethostbyname
closesocket
recv
select
send
htons
socket
connect
WSAStartup
WSACleanup

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE