409b1d6de7d5fc908dc29d8e8c86d3dc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

409b1d6de7d5fc908dc29d8e8c86d3dc
Size

63KB
MD5

409b1d6de7d5fc908dc29d8e8c86d3dc
SHA1

9ed5cc76486d9ca8d45bfb197f9fa2c227bd7c7d
SHA256

2df3aa221b7829b1e3407199ecb1275932282998f94c92fe5f108c73feaf0398
SHA512

99031d4f946ee479715dffcb454baf25f2527c666acb9159a5301ea6ee0037a050a8fabdd86fedbb2ed0f65a885d46fa5486f70867610bddd9e078d7e59ac436
SSDEEP

768:nHpI5EBmwLXHN6RRHHdB+BmHY97o014/89GH4X6Mgd90YQFO6ZXsSKhAUlxSoL9:nJIMlt6RRdOm214/hVh4KhHnZR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
409b1d6de7d5fc908dc29d8e8c86d3dc

Files

409b1d6de7d5fc908dc29d8e8c86d3dc
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
inject

Sections

UPX0
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.new
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE