25a0ac75ef3e0c9e2efb520cdd9c606fe0b3d686c22441e68924ac098a99328e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25a0ac75ef3e0c9e2efb520cdd9c606fe0b3d686c22441e68924ac098a99328e
Size

156KB
MD5

49b6c7f8e1cdc5afed9a0802308f5ac0
SHA1

fcd3d4c50a599f1f1ea6bd2dc23903e8bb534125
SHA256

25a0ac75ef3e0c9e2efb520cdd9c606fe0b3d686c22441e68924ac098a99328e
SHA512

349fdd8a3f18ee0be9522aee70b8c5c60e5ae427dcb19fd4375685a3031b677f3f93153b1ba71681e9e553340d9ac2a87fc82b25dada7064ee85fdfac6142b85
SSDEEP

3072:8wlR09Fr7X4K59PmDvH94taHTipqglyGfLDQXuJV+UKMf:Zl2rDT59PmDK0infYXuJcqf

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

25a0ac75ef3e0c9e2efb520cdd9c606fe0b3d686c22441e68924ac098a99328e
.exe windows x86

2d4c74f56cb64178ce976c5dc4c67ffe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rsxnt

RSXNT_Call
RSXNT_Init

kernel32

CloseHandle
CreateEventA
GetCurrentThreadId
OpenEventA
ResetEvent
SetEvent
Sleep
WaitForSingleObject

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE