bdce6b8bb1a271ceaa405aeb379cc14aed0548775244a45f2dca78a70adf4131 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bdce6b8bb1a271ceaa405aeb379cc14aed0548775244a45f2dca78a70adf4131
Size

173KB
MD5

47f01067e76a25fa86677e08bf9a6c40
SHA1

14fbba94d05aa3c5b44c17d96a7cec8185cb4bb0
SHA256

bdce6b8bb1a271ceaa405aeb379cc14aed0548775244a45f2dca78a70adf4131
SHA512

b526d81d218aeee314d42744d70dd4232811180f590042ce1493f76d93d2db4c2e7159257ca03df5e238843dd48af06a4ba3ae3330be48ab8223c7da77eb966e
SSDEEP

3072:ELjrMv9v0Y5gZJ4DXPzXx0XyCWwaDoNnPjglpGneq/eaWW5oa8U+aj:ELEvmv4DXPDxTuGoNnPipdxhas

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

bdce6b8bb1a271ceaa405aeb379cc14aed0548775244a45f2dca78a70adf4131
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?GetGUID@@YGJPAE@Z
RV40toYUV420CustomMessage
RV40toYUV420Free
RV40toYUV420HiveMessage
RV40toYUV420Init
RV40toYUV420Transform

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE