2cb0b3390fd0a423fcd12b19ff42687a | Triage

Sharing

General

Target

2cb0b3390fd0a423fcd12b19ff42687a
Size

12KB
MD5

2cb0b3390fd0a423fcd12b19ff42687a
SHA1

f962690da6f38456e7a6cdb013c8926a7744bcce
SHA256

58dfc892be865afd1fb2e220edd6cba2119ebb078e6c9732c8164a0600e37e2b
SHA512

645d210d5aab30e6548d52454e0ba1629f96243866706a943c89c4d6d5c42b6fd31c60b5d8464fe09aaba4c936f341420b17a0e629ebc76164dd162e0a348a01
SSDEEP

384:kq4IjIHxATVaZuFAmX4hFSN0b6+XXXbZ6dDEA0h:FjIHxATVGuazwQ6aZ69EA0h

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cb0b3390fd0a423fcd12b19ff42687a

Files

2cb0b3390fd0a423fcd12b19ff42687a
.exe windows:4 windows x86 arch:x86

8acd18e2c918e0911a0fe5925e84c6ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
ExitProcess

user32

MessageBoxA

Sections

UPX1
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX3
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX4
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE