malware[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

malware.exe
Size

7.3MB
MD5

11d9aaa73cc74c7fab4a59ddb06a167c
SHA1

f831c54a7ab079fad39e78ed331d8043f703b3b7
SHA256

f12736051e4df3d70a26da397ab6b5f7b54f8de9ffec759afb99a91b59568019
SHA512

076c24988ea3ad1a9f4bcd40e461010f73b96b71812e36646d77a379bde7314c46a81beb84ba73fff2e264c723c9aeee12588c9e66595acb5ccf8680bea031d4
SSDEEP

196608:CUKvea9kMvSU7rBoI5HV2xzm478B27oynUV1l46w:Cfve25p350pm68EXoP

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
malware.exe

Files

malware.exe
.exe windows:6 windows x64 arch:x64

17558573395da728fad973fe003980be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExW
GetVersion
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

DeregisterShellHookWindow
CharUpperBuffW

gdi32

SetMapMode

comdlg32

GetOpenFileNameA

advapi32

RegQueryValueExA

Sections

.code
Size: - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jdata
Size: - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17558573395da728fad973fe003980be

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.code Size: - Virtual size: 484KB

.data Size: - Virtual size: 370KB

.pdata Size: - Virtual size: 20KB

_RDATA Size: - Virtual size: 348B

.jdata Size: - Virtual size: 126KB

UPX0 Size: - Virtual size: 4.5MB

UPX1 Size: 7KB - Virtual size: 7KB

UPX2 Size: 7.2MB - Virtual size: 7.2MB

.reloc Size: 512B - Virtual size: 204B

.rsrc Size: 73KB - Virtual size: 73KB

.code
Size: - Virtual size: 484KB

.data
Size: - Virtual size: 370KB

.pdata
Size: - Virtual size: 20KB

_RDATA
Size: - Virtual size: 348B

.jdata
Size: - Virtual size: 126KB

UPX0
Size: - Virtual size: 4.5MB

UPX1
Size: 7KB - Virtual size: 7KB

UPX2
Size: 7.2MB - Virtual size: 7.2MB

.reloc
Size: 512B - Virtual size: 204B

.rsrc
Size: 73KB - Virtual size: 73KB