1a6a2f89f02b9d5ac945e6cd1a9e028a | Triage

Sharing

General

Target

1a6a2f89f02b9d5ac945e6cd1a9e028a
Size

188KB
MD5

1a6a2f89f02b9d5ac945e6cd1a9e028a
SHA1

ffe8fe879b928d5b5646760f76e356b776fed6e5
SHA256

e8ea9b5454826e551a48b576710a1204d1bcfe00467ba984accb9faf88e9af66
SHA512

a3a9056f13850f19a513ba860a0c1ac62c7df9f83c3a93e461efe3610095ea6ba1dc00c6898800ae8e7206011292f6d83510fae4048a635e929a2e84132c1daf
SSDEEP

3072:KKLh9UvHuFk0h2OI8FqSTzaHBCJzc8ki1ADCbZz3MPi+Ul2ZIvHZBxwUDlgq/WzZ:K29UvAXPIIKcJz6aAeqPLJZIvtwUDlgP

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/kmz-bloodbowlLE-Promo.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kmz-bloodbowlLE-Promo.exe
unpack002/out.upx

Files

1a6a2f89f02b9d5ac945e6cd1a9e028a
.zip
Get Full Version!.URL
kmz-bloodbowlLE-Promo.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 412KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
readme.txt