408ae42a13471e77ac0318994f4aadad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

408ae42a13471e77ac0318994f4aadad
Size

83KB
MD5

408ae42a13471e77ac0318994f4aadad
SHA1

34ced607c7942e2c62486ca029436c317b629ba0
SHA256

7b24cca2720f4a96694cafa70525430671806307b8a62ef14c1a46b26c99efa6
SHA512

3596635716b8145c11ddb8b37fa6222ebfe90c2408a59973ee0ee9ae8ac69b62a5c10cb21d14641e8e6e746fa094cdefd8156d9ca5210f564cba611545d6b371
SSDEEP

1536:w8/7I8FmLfQ9JFFZu/cJpPoI4Qou+Ky1StTMAT/OvhASgX87VoYEa/VE8JRY:DI8FmLf2DF0kDn4vu+j1S6aO+SH7VoYq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
408ae42a13471e77ac0318994f4aadad

Files

408ae42a13471e77ac0318994f4aadad
.exe windows:4 windows x86 arch:x86

05c7df6d575c13faf78878f9450f3b20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
ExitProcess

Sections

UPX0
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX3
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX4
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ