49ad26bbd12a63d1551864d9acea39df | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49ad26bbd12a63d1551864d9acea39df
Size

45KB
MD5

49ad26bbd12a63d1551864d9acea39df
SHA1

ad8e99e58571ea6c12abf2766ff1e55a42844f43
SHA256

68af9a1bfe7a7185acc457381cff93e5aa55ed3a1a4692cd5c49c184ab29eb39
SHA512

2b0e90ec127e05ba5f84b2a3c9d5f3420b5ac73bd6c4758ee077574e5562dd79c6a3acba09a05d97b1c83a450c434253025e8d20249cdcdf227835b974db5b05
SSDEEP

768:tgMcJp+CC5/qxVZBmH8q6nt3gwNg66C8dbkRNKYCIbaNqr8fJ/8IV:tFUN06hn2igTXdbqaRfJ/8o

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49ad26bbd12a63d1551864d9acea39df

Files

49ad26bbd12a63d1551864d9acea39df
.exe windows:4 windows x86 arch:x86

f27afc075dbe0ffba9b3174e7fd68921

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_tell
_tzset
_umask
??2@YAPAXI@Z
_spawnl
_stat64

kernel32

GetSystemInfo
GetVersion
GlobalAlloc
GetNextVDMCommand
GetDriveTypeA
GetStdHandle

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE