vmware[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

vmware.exe
Size

125KB
MD5

e86ee61e9e3a348e89ad37fa1737b50a
SHA1

e1fd84c88a8134025ab4f03459e4b8ba65956f67
SHA256

fbfc02304fc3b594161ab83a2c0466df09eb344fd61cd5d34af14282ecdaf562
SHA512

bd887409449a3d9a3e2e8d883db0e8701fc7df690f485c20d6636d988aba1733bd3271efe19e27183e3dd1a36fbc006623a8415752822c7c1021625c3199ac77
SSDEEP

3072:TkbYtyi9NjFR5VTg/orZotQK/qh/7VNzIyJunaIZKSDSVW7:4b09dD5Vs/olotQX7VhIZNYk7

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

vmware.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 123KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE