d1863ed96dd23e71854db53f2da3d5225af3c795bfcaa1bf1dc9a93e82071e2d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1863ed96dd23e71854db53f2da3d5225af3c795bfcaa1bf1dc9a93e82071e2d
Size

268KB
MD5

d55a56e7eeb94eabee597432f7143927
SHA1

2bd535f601d8edb0045b65914f0eba418838da27
SHA256

d1863ed96dd23e71854db53f2da3d5225af3c795bfcaa1bf1dc9a93e82071e2d
SHA512

e9c47733f5aaf05985f2da968d1b63bc56ae932602ce4832d83c0c56d9b6fbb54e08a251aa4f53eea7d3a6757da7687322fd0158202fd1aa41fae49560e7dfb4
SSDEEP

3072:BhWvoUtcrZawWOYQkv8UWHmfonwlOrQunOP9gnMHcbR5CdqAOwsyJfllHUqbQWsL:BwvSZxWeZvnwcrQVARwdqYPbQYOL

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

d1863ed96dd23e71854db53f2da3d5225af3c795bfcaa1bf1dc9a93e82071e2d
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 88KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dswlab
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE