NEAS[.]2023-09-08_e6f1f1532838f1626a20f425b00961ed_mafia_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2023-09-08_e6f1f1532838f1626a20f425b00961ed_mafia_JC.exe
Size

3.7MB
MD5

e6f1f1532838f1626a20f425b00961ed
SHA1

437269ecf9ca4bd3849d0fe3d8148c2cb94a3058
SHA256

219ad320013da025be17beef7f94e559fec00cab346f73754894328db4937ff4
SHA512

852d87468e767371d72897a274c31dfd97b3fc0e51fb7b2647c484079dbea28b5e938c78980e8ab80e730fedffca20835e1b6cc5e49c11d604aa2e2013fcf132
SSDEEP

49152:y6m5LBGskIQW5QZuTtS0rQMYOQ+q8nEE6m/JTvdK0PQ2j1SQYSQZ9KFeMX:yL5LBGORWsM0r1Q2jL/JRKITEQFC0Feu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2023-09-08_e6f1f1532838f1626a20f425b00961ed_mafia_JC.exe
unpack001/out.upx

Files

NEAS.2023-09-08_e6f1f1532838f1626a20f425b00961ed_mafia_JC.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 488KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 402KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 482KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ