b8aaabe830eb2c65c001e87366219ebd6f6c3ec49454102fa3ae30ed5c8f7bfbN | Triage

Sharing

General

Target

b8aaabe830eb2c65c001e87366219ebd6f6c3ec49454102fa3ae30ed5c8f7bfbN
Size

416KB
MD5

3baf80ddbd2fb28a5c86969fc661aed0
SHA1

830be4ae74400b7524cb227889e1fd99c2baa985
SHA256

b8aaabe830eb2c65c001e87366219ebd6f6c3ec49454102fa3ae30ed5c8f7bfb
SHA512

f83e76665d3ab16d01450f043048c7fa976347bbdd7dbdd38e147a06b3e7f9f666529e313c3b571fb0828ed5670bf2a578989e0324adefb84fe63ad457895ff6
SSDEEP

3072:GaqfMXKUQBsYofOWGd2Mm+HIUgJrLmxavXjw:Gaqf90+d2MmUIUghL+avX

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8aaabe830eb2c65c001e87366219ebd6f6c3ec49454102fa3ae30ed5c8f7bfbN

Files

b8aaabe830eb2c65c001e87366219ebd6f6c3ec49454102fa3ae30ed5c8f7bfbN
.exe windows:4 windows x86 arch:x86

ea07f2ac192cd31dd964086469a4b1df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCommandLineA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_winmajor
abort
atexit
calloc
fputc
fputs
free
fwrite
malloc
memcpy
memmove
memset
realloc
signal
sprintf
strcmp
strcpy
strlen
vfprintf
_write

Sections

UPX0
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE