f4f2b6af03706d26db9e7dc58fcd5ef487260fd7e879abbea4e620d24c7db403 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4f2b6af03706d26db9e7dc58fcd5ef487260fd7e879abbea4e620d24c7db403
Size

11.3MB
MD5

af625d58bdf686f0668b64935283e349
SHA1

ffbf172c63f3e6540216607bcfa6b144655e50bb
SHA256

f4f2b6af03706d26db9e7dc58fcd5ef487260fd7e879abbea4e620d24c7db403
SHA512

a4141e1efb1448ac62e1c7ce8c14dc010fdb4b121ba01d3311c445de26174e3e93ae58175fc763fd9552c02b0a5618e3b0c9b1e1a9ab2f2cb9d363d845b9693b
SSDEEP

196608:mQMS5r/I4Ri5IM2AaOF1FaqGRdxyvZTQ813zgozPBtls371yDhMihcN3QoYZraWV:Nb5DlRi5I7oFaqGRd8913zgMPBto5shr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4f2b6af03706d26db9e7dc58fcd5ef487260fd7e879abbea4e620d24c7db403

Files

f4f2b6af03706d26db9e7dc58fcd5ef487260fd7e879abbea4e620d24c7db403
.exe windows x86

de39dc68941cc6307e3b2590c857a907

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA

user32

wsprintfA

advapi32

RegCloseKey

ole32

OleRun

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.7MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 68KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE