46b2907d36ba2d64ca367355ba9253bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46b2907d36ba2d64ca367355ba9253bc
Size

53KB
MD5

46b2907d36ba2d64ca367355ba9253bc
SHA1

74f3c27e31b4c5e10fcb5731a6ae56c4f20adf62
SHA256

a5383ac7605693e9deeee40eacf6e92a47ab50a5b4cfbc2070a4f7d2088dca4d
SHA512

012a1eae22f48707fb2995e752d0934098cead70030598eaf73604fa2c3364350437f276213ba105bd047758d8f4d680b67388b7b1c5394c896acea6dc964b06
SSDEEP

768:rBwxv40efk8dTyPoQIARaGFfopCuTfyGqkH4y5cQJVVAtI6EQzTGf3gNH/:rBwK0efk97kGFflnsfKQvyq6EQMg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46b2907d36ba2d64ca367355ba9253bc

Files

46b2907d36ba2d64ca367355ba9253bc
.exe windows:1 windows x86 arch:x86

1a7a3ec95218611190a3b2ff9674f299

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualProtect
ExitProcess

advapi32

RegFlushKey

oleaut32

VariantClear

user32

CharNextA

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FYPMJW8F
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jknckhnx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ