6649879c562474acf2aa5dfd83b8c4fb27c86fda92fda460ba592b04d6ca8ed0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6649879c562474acf2aa5dfd83b8c4fb27c86fda92fda460ba592b04d6ca8ed0
Size

275KB
MD5

509f571029de5ce8c8a58989f130f0d0
SHA1

fbf5b20176e7fb28df460c845061804e676a4cb6
SHA256

6649879c562474acf2aa5dfd83b8c4fb27c86fda92fda460ba592b04d6ca8ed0
SHA512

6fa3cefa45bb299d45983c872d32a3027f38fb40783e834a58109b380dc1353a966be8cd142ff97de49ceedd06001fbd66e13192744cfd6ff7e69555a8becd47
SSDEEP

6144:ZCX0ZtLiKUpMZWPOJHKOrWWgH05rXRv73FnRk4xtsh5G:ZE40KUgWsOzC9D3ZXzsh5G

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

6649879c562474acf2aa5dfd83b8c4fb27c86fda92fda460ba592b04d6ca8ed0
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

CreateMainProc
CreateProtectProc
DllCanUnloadNow
DllGetClassObject
Setup
SysLogoff
SysLogon

Sections

UPX0
Size: - Virtual size: 476KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ