c5ab50f7d41c5c2815fe27af9a9224ba63f50a199f1ed81d386832d79987d111 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c5ab50f7d41c5c2815fe27af9a9224ba63f50a199f1ed81d386832d79987d111
Size

177KB
MD5

6410631397a21d2d8e3bc4d3a2ab3a70
SHA1

cfe8e076abc52dfbc5cb5070f11c0e654896676d
SHA256

c5ab50f7d41c5c2815fe27af9a9224ba63f50a199f1ed81d386832d79987d111
SHA512

3d8b2e97e0e470140680e8bfa7856ae2e887a0f4aa7d400467c90c87bd704fa7557fdc433f4adf60ef9f7c76e269dae2b0364c08283ddef0e14e18210f795e54
SSDEEP

3072:NKO+hckvZ69jIzs4veakcdgWvxvPPwgwtelAhHpReHVN86FbHSw3E:NKthXh69jI7ve/f8xHPwtYlIEfbHF

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

c5ab50f7d41c5c2815fe27af9a9224ba63f50a199f1ed81d386832d79987d111
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CreateTextEffect
FolderWatch
GetPlugInInfo
IVLoadImage
LoadResourceImage
ScanResourceImages

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE