6164ced5847602cbb249699e17352e1a760e14d1509baf4a68816232e9648a2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6164ced5847602cbb249699e17352e1a760e14d1509baf4a68816232e9648a2f
Size

248KB
MD5

a38778d0a5bb15cf27fba920f706dbf4
SHA1

a9f61c6028813485d4697edacde2c2413f9eb282
SHA256

6164ced5847602cbb249699e17352e1a760e14d1509baf4a68816232e9648a2f
SHA512

a52bbb74567707f6deed38af34eea23356e749ed4ba9b916509cf4efa58975f90c10fb42a1f98a8c6b21567f9057c4c190cf1f69a468e3e69ed292abac5d54c2
SSDEEP

6144:PHE3+pT761DWQ6xYhquyURLN3KyWYj4sTkei34hiWb7qs:c+T761D8CVfN3KyWY8sY/34hlys

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

6164ced5847602cbb249699e17352e1a760e14d1509baf4a68816232e9648a2f
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Install
OffEvent
OnEvent
QueryStartSequence
StartFoo
StartMain
Uninstall

Sections

UPX0
Size: - Virtual size: 380KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 237KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE