7ea9f74849c404de9579cb237abbbff8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7ea9f74849c404de9579cb237abbbff8
Size

99KB
MD5

7ea9f74849c404de9579cb237abbbff8
SHA1

4ef56b174cb0cb821fc2755ea934adc05528c6af
SHA256

9887191f71cb8cc500b120dcce1cc27df2cbe4da48197d07b468dd2b68ade83c
SHA512

6e6b16a028d925b13dbed6ce017c62836799560bc8f5c5bbc41e803b4c0a56a2a94be0b5488ae5e03457d094187c1c31d48335dc94c0019fc949704b18264d2c
SSDEEP

1536:scNjQlsWjcdiTuXbELbGn82i+beoJmMDfafTfKyik:vjr5ELbGnzi+aojrarK3k

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ea9f74849c404de9579cb237abbbff8

Files

7ea9f74849c404de9579cb237abbbff8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 51KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE