894f2a2edbdb38db837a5ddaf8ee9a179544f979fb9d4bc328af4659c947d1c0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

894f2a2edbdb38db837a5ddaf8ee9a179544f979fb9d4bc328af4659c947d1c0
Size

26.6MB
MD5

7b239dc7c7e02d5d1c2b5e95b494283f
SHA1

ceb8fa49752e823ac77ce1acd3408732a0a9d51e
SHA256

894f2a2edbdb38db837a5ddaf8ee9a179544f979fb9d4bc328af4659c947d1c0
SHA512

205d43a8a7af8c8a8dd74d8c384e536f6947bdf03a02872b1f955595ce544ad7656da4a175d6c9308ab0879d9be74a6378618ed89e7ed42ea4a9c6aa21dc754e
SSDEEP

393216:MzTbO5z8W8U2foOnK70EBKcWYlitpt6DNcwy:MuttHGxv+ckDNQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
894f2a2edbdb38db837a5ddaf8ee9a179544f979fb9d4bc328af4659c947d1c0

Files

894f2a2edbdb38db837a5ddaf8ee9a179544f979fb9d4bc328af4659c947d1c0
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

UPX0
Size: 18.0MB - Virtual size: 18.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE