5ac648659b2820df3346354890c15678db34b5ba10949324cd7698650591d9fb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ac648659b2820df3346354890c15678db34b5ba10949324cd7698650591d9fb
Size

1.5MB
MD5

24bff2ff7415886b70fe4d30d4055cd6
SHA1

d820381f60025aeb9b8372e1e66106b483970394
SHA256

5ac648659b2820df3346354890c15678db34b5ba10949324cd7698650591d9fb
SHA512

99cc09c9631b2e7f8f630fc3a560363a1666f1b69954672bfbd5cd0ced1e85a3898fb3dcaa771d5b47c8c0bfadf682f9bf0f03c9d66bcbf795a773b21a758e73
SSDEEP

24576:tu6J33O0c+JY5UZ+XC0kGso7OLaTYI1lOq6sb8hTHA80/WY0:fu0c++OCvkGs8OLaTYi6skHX0OY0

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Files

5ac648659b2820df3346354890c15678db34b5ba10949324cd7698650591d9fb
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 793KB - Virtual size: 864KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 341KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 355KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE