8db4ff1fdade81ee389dd13d82f4b496 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8db4ff1fdade81ee389dd13d82f4b496
Size

176KB
MD5

8db4ff1fdade81ee389dd13d82f4b496
SHA1

6efe05674e8d9a3ac092a445c269f1dc60c0234b
SHA256

3b3daba7d8f75551ef734b01345234c710356ac82efadfaaf93876f0e46364b5
SHA512

17c792fb5e55663ca1ee9d1b6ee843ff6103542e63bd50feaa7170513d42db3741883efe1529b2470754d807d8bfe370213b68987d5dee1b43335d12cc40c7bd
SSDEEP

3072:Xjr87S7Gnz55EoVKcWmjRrz3MeK9X2I2+rWYSjKD4Br/zB9ayt:sZl2PGMeKgH+CYSWD0/zKyt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8db4ff1fdade81ee389dd13d82f4b496

Files

8db4ff1fdade81ee389dd13d82f4b496
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 51KB - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE