cd3d893d25ccc04050c3aa42a3e78ed496f48ca8d1202c4aca812fa38a756cf1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cd3d893d25ccc04050c3aa42a3e78ed496f48ca8d1202c4aca812fa38a756cf1
Size

460KB
MD5

3157ebbc05ba6464cb9e80cea00b8dd8
SHA1

6826dc8b3c7278f393dcaab34aaa5b33dd2fee6c
SHA256

cd3d893d25ccc04050c3aa42a3e78ed496f48ca8d1202c4aca812fa38a756cf1
SHA512

3e659e0582a14a77ab1fc3d4499a74c79e8a6b80aa0762fdce74af77b40e7e13acf95e59a21206ef33d8c993081f9d6267e046bb76658e12b87767e49a792189
SSDEEP

3072:7T8iRbuVxBGY4J6tFLHPr1fOsY1JWOtENy6cTR:7XbyvoWFQjJmI1

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd3d893d25ccc04050c3aa42a3e78ed496f48ca8d1202c4aca812fa38a756cf1

Files

cd3d893d25ccc04050c3aa42a3e78ed496f48ca8d1202c4aca812fa38a756cf1
.exe windows:4 windows x86 arch:x86

17629847cf056ca5a2c1fda386c78fc1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
ExitProcess
WriteFile
SetFilePointer
GetCurrentProcessId
GetCurrentThreadId
GetCommandLineW
GlobalFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
CloseHandle
GetCommandLineA
GetVersionExA
GetModuleHandleA
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetACP
GetOEMCP
VirtualAlloc
InterlockedExchange
VirtualQuery
VirtualProtect
GetSystemInfo
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
Sleep
LocalFree
lstrcmpW
lstrlenW
GetStartupInfoA
GetCurrentThread
GetStartupInfoW
CreateFileW

advapi32

RegQueryValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW
RegOpenKeyA

user32

LoadIconA
GetSystemMetrics

Sections

UPX0
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE