5018e0e998f2ab3730072b5eccb48c6d[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5018e0e998f2ab3730072b5eccb48c6d.exe
Size

2.4MB
MD5

5018e0e998f2ab3730072b5eccb48c6d
SHA1

14f1464812ddc87cbebfd9321554c9d188fc3bdd
SHA256

e36b44fc7788dec930e5b1575172124bd2ab6dc5dd474a3779d6095b02745299
SHA512

c571c9c86a6fb328ff9841ab9612391fc799d68cc36030da6c2fd98a5a799491fd36c380a8e2d4dea2ded545a402cd825d381b9c0a38e912a11be4db5d0c871f
SSDEEP

49152:DixoU97Wi3XiU0PGthZLZMaKF84Om6jLG0CijH1mFnfDixBYY:Dixo033yTPGthZLZMRF84YHZRH1ifWxb

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

5018e0e998f2ab3730072b5eccb48c6d.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE