Grudge[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Grudge.exe
Size

14.9MB
MD5

d9600fa3a165266c6709faa4ca4e1c38
SHA1

0dcc9a8808ae0884248f2dfac72c71e9c065ca2f
SHA256

185f3ac934cd5f67b39fdfcaef8702e0e24f0cdee93e14941ddc4e03b0046902
SHA512

ce8c2bf310c5c3f2fa35b88c31d4f2fe112c11fb43979f3edf33792586e174bd0d61e46fddb32ad3c30e41b30881c043720d41512003aa294fbe1edf31444408
SSDEEP

393216:qK4w0LpRHdnQWxzuUoXGvYsbEJ4Ovkcu:quwpDQAzVYvKOnu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Grudge.exe

Files

Grudge.exe
.exe windows:5 windows x64 arch:x64

Password: 62427418

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 404KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Grudge.pyc