b28af2e8c0a604424e01a304dbc46ae7b31b1e7f1832f6a6901ae7b6fba30aae | Triage

Sharing

General

Target

b28af2e8c0a604424e01a304dbc46ae7b31b1e7f1832f6a6901ae7b6fba30aae
Size

33KB
MD5

541befe274c45704919a15ddafb27063
SHA1

189ce23320622e0ffd17970cdc0d791743d2c81e
SHA256

b28af2e8c0a604424e01a304dbc46ae7b31b1e7f1832f6a6901ae7b6fba30aae
SHA512

829bbc440b5a775dc937847fcccbd0115ebc950b265b7602eb3f8b466611e963c622fe26794867b587ebece8ce6432200310fdf0a017b4d7435a227ab934cba1
SSDEEP

384:Xp0y/CgGfReM8DDxeIyXGZCgGfrSU6BBST:GjReRD9eIyXGqG/BBk

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

b28af2e8c0a604424e01a304dbc46ae7b31b1e7f1832f6a6901ae7b6fba30aae
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

WaitForMailRun
_newGPA@8
_newsend@16
_setbufenc@4
_setsendaddr@8
_uuencode@12
dllproxy
wcopy

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dswlab
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE