b1b39930022ffa8652694d89d1061e8054338a6f89be59a37e8df3e51c75f0ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1b39930022ffa8652694d89d1061e8054338a6f89be59a37e8df3e51c75f0ab
Size

4.6MB
MD5

085664ed18c4326f657cb62381755a2e
SHA1

59fc384b2006e95c9cd931011b204a31f54b904f
SHA256

b1b39930022ffa8652694d89d1061e8054338a6f89be59a37e8df3e51c75f0ab
SHA512

e9d690293d4f2b627d605f7823327a6244ad2f2a586a82fe8bb873d3680418fa3abab552cd059e93d8a34b1aa8fcfd54e4b7692fe712b9c9b8f27cf46d4b5639
SSDEEP

49152:QgHVkxlaGMaZyTdVEgHztu+thX44ifGJtSqeQLgza6BDm5TN+IMUu9+d1cL+mMUh:QgHVOl8nVzArOSqeDalc6deMU42/j

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1b39930022ffa8652694d89d1061e8054338a6f89be59a37e8df3e51c75f0ab

Files

b1b39930022ffa8652694d89d1061e8054338a6f89be59a37e8df3e51c75f0ab
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText

Sections

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE