pron[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pron.exe
Size

4.3MB
MD5

d100de3c3de7cc23d65623fed1e6287c
SHA1

73bb2cd9cf76862754b7e75e208d0a0b0c030ebb
SHA256

c51f1c555a8323109e221f384ccff3a0a068d1e5f1b429d5e093846c2cc84536
SHA512

444babc4b45ea2601abff7b98a615183cb67022389ba12babced6b3428c5958d57196977b2b636a818ffcc9127ff248848b61065451d64edb4984285f90b7f1a
SSDEEP

98304:kvkP/VICEsZUx3jz8Wrv6l+k3Lya+NPB9ahjAHu:kveJEsZUljIWelf6B

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pron.exe

Files

pron.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 10.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE