16843f57a574b5648cf5eb7c0d1bf758 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16843f57a574b5648cf5eb7c0d1bf758
Size

29KB
MD5

16843f57a574b5648cf5eb7c0d1bf758
SHA1

6c733bf6e792440283598152bb46b8aa856f7f90
SHA256

6e621cca7cbf3b1c2f66b8ff1d0c800bc252cabfd2e5551ddbfd6dc845e8ade9
SHA512

28686f751c38bf3176f6cf61ce9f698bdccfe7d63509a1c248d8882019f0c95983840d1071cdaf9c3891d055481e67842b366fee00e4cf4fa1ced71e8f17e3b4
SSDEEP

768:jbrgpYvrVa+4rFaLtr/V2ZSx3j/wnm9xNha5:DYYv540B0EjomL

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
sample	aspack_v212_v242

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16843f57a574b5648cf5eb7c0d1bf758

Files

16843f57a574b5648cf5eb7c0d1bf758
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

StartHook
StopHook

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bb
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE