7d76ae00c886ecfc68a440d7e4a690c2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d76ae00c886ecfc68a440d7e4a690c2.exe
Size

236KB
MD5

7d76ae00c886ecfc68a440d7e4a690c2
SHA1

5039a61f3351b10abf3e3539e30caf8cbc80f85a
SHA256

43826b6b2f087c2abc711b4d22bd18704791771c957499a61b3d1ea079e1497f
SHA512

651e4cc6dface6ee300186ad14865ce16d5dee6b25774d728c52b5d43aa5ae6ef5c6ad81c955990f8c336e2e8a853af7641ed9b0371a58ce8ef57150dddf3fb2
SSDEEP

1536:KDusHJo0IHgL2AHfb1mzaFXg+xsukl4Y17jsgS/jHagQNuXGpeV1eT92NdTy2OBn:Zox6AHjYzaFXg+w17jsgS/jHagQg1E5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d76ae00c886ecfc68a440d7e4a690c2.exe

Files

7d76ae00c886ecfc68a440d7e4a690c2.exe
.exe windows:4 windows x86 arch:x86

210081ca7cb0771b9f31a7245cedfafa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord518
ord553
ord593
ord594
ord598
ord631
ord632
ord525
EVENT_SINK_AddRef
ord528
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord608
ord531
ord716
ProcCallEngine
ord537
ord645
ord570
ord576
ord685
ThunRTMain
ord616
ord617
ord618
ord619
ord542
ord543
ord544
ord545
ord546
ord547

Sections

UPX0
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE