5889c1c949974a33e302ada1be64754f79f6a42604107fe40026fbf49f06b5a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5889c1c949974a33e302ada1be64754f79f6a42604107fe40026fbf49f06b5a3
Size

1.4MB
MD5

49d93ee97cd8fe7c7601731c9e4058a0
SHA1

a4b313efa6877676d8e9fa50fc25b5ed09e284c5
SHA256

5889c1c949974a33e302ada1be64754f79f6a42604107fe40026fbf49f06b5a3
SHA512

fd3aa69ebe2dffc8e9c28cc5604b28d084fbd2776f7b65d7e3bfcd0776e4b5a8d30322d429abca4ebb6abd3fad72b8da762f5c0031ccff9d3647d3bd965fccfa
SSDEEP

24576:gSBcH5U104HmnzJfQeDUHmChOGaRZdeBHhJUNACVX:g/zJchTaRZdeBHhJYVX

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

5889c1c949974a33e302ada1be64754f79f6a42604107fe40026fbf49f06b5a3
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 880KB - Virtual size: 880KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 427KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE