fb1974ddf8f73268adfaf259e094165c339edb5a4e15a2394c71b38bc30c44c6 | Triage

Sharing

General

Target

fb1974ddf8f73268adfaf259e094165c339edb5a4e15a2394c71b38bc30c44c6
Size

1.0MB
MD5

0eaf0d9d57aa8d73a70a9e6acfdd0e78
SHA1

eab4c059f03986fdfc8a3273ba7dc49755616c6a
SHA256

fb1974ddf8f73268adfaf259e094165c339edb5a4e15a2394c71b38bc30c44c6
SHA512

88089f922dbe64d27d9594e576ad066c8c4a35a9ceff562413b513881974b1693ad1b57048d63cb78112c79c5e9ce5f838581c1caf89f66dd2fc8f19ce28a75a
SSDEEP

24576:J41Q6+97N8ahhJ5EvuZ7chtBWL9wLBVqTFmarRbnY2:J0o7GahD5EQWtYLOLGxmORn

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/炫舞自动上号v2.5.exe	upx

Files

fb1974ddf8f73268adfaf259e094165c339edb5a4e15a2394c71b38bc30c44c6
.rar
JZ5U绿色下载站.url
.url
使用必读.url
.url
使用说明.txt
炫舞自动上号v2.5.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 976KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 812KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 852KB - Virtual size: 849KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ