d61d3cdfb5c356c6db4d090b431d2c8cbf55ffc6616ea9055c42ad866a7ea397 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d61d3cdfb5c356c6db4d090b431d2c8cbf55ffc6616ea9055c42ad866a7ea397
Size

232KB
MD5

46c46929af4659844a0b9bb007e3795d
SHA1

3adad50317a75cc32b3012ba50083925f1c50eec
SHA256

d61d3cdfb5c356c6db4d090b431d2c8cbf55ffc6616ea9055c42ad866a7ea397
SHA512

00d7e25eaa8c8e0c1368bd8d9ef518ccb0623b7fbfc216a7ae25cbd63e92ee7fd47c1bbc2f2912f29cdc8f121bb9e3b02dcf7c0f240c04f7f5b3a028b7f3d320
SSDEEP

1536:dDm+cyFRCroF1iXZhSUhWqs1ouJ1gJcxWGd+oryMm+HAUgeVt14K2aB39x:9m+YXCUh9s1ofOWGd2Mm+HAUgeH14K3

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d61d3cdfb5c356c6db4d090b431d2c8cbf55ffc6616ea9055c42ad866a7ea397

Files

d61d3cdfb5c356c6db4d090b431d2c8cbf55ffc6616ea9055c42ad866a7ea397
.exe windows:4 windows x86 arch:x86

ea07f2ac192cd31dd964086469a4b1df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCommandLineA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_winmajor
abort
atexit
calloc
fputc
fputs
free
fwrite
malloc
memcpy
memmove
memset
realloc
signal
sprintf
strcmp
strcpy
strlen
vfprintf
_write

Sections

UPX0
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE