1b1e804b2108f7f361bcb73e179a923b6ed6ec9577ad2c5bb057c60ded3940de | Triage

Sharing

General

Target

1b1e804b2108f7f361bcb73e179a923b6ed6ec9577ad2c5bb057c60ded3940de
Size

1.4MB
MD5

a8784c4c2c5ebcd67f937e78d07ced9b
SHA1

e6d1d2c5bf3ef3e6685099e0127148be9d28fb78
SHA256

1b1e804b2108f7f361bcb73e179a923b6ed6ec9577ad2c5bb057c60ded3940de
SHA512

d94e9d0624a8f011896493a8e42a09510eeb69b763a3162d901f670ad552680025ca0e0d621a57beb9f3742d4f27327b0a721ead2ac914bbef43c32c0e33846b
SSDEEP

24576:K12RH5bK7Dz9oS4jBaZZYJfDE5tywaf7xIRJegxva+q3MapmGDIJhefDA5L4orJe:dV5bK7DRoS4jBaZZYdDE5IjfiDVviXLn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Imagew 3.56/Imagew.exe	upx
static1/unpack001/Imagew 3.56/TBIView.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Imagew 3.56/Imagew.exe
unpack001/Imagew 3.56/TBIView.exe

Files

1b1e804b2108f7f361bcb73e179a923b6ed6ec9577ad2c5bb057c60ded3940de
.zip
Imagew 3.56/IFW.ini
Imagew 3.56/Imagew.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1015KB - Virtual size: 1016KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Imagew 3.56/TBIView.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 704KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 344KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE