18abfe1e9fd492d0b4379947f03ab464b33b93d42c838a1ff79d91af8179bbab | Triage

Sharing

General

Target

18abfe1e9fd492d0b4379947f03ab464b33b93d42c838a1ff79d91af8179bbab
Size

2.2MB
MD5

9d87c5d3a68e6596fd47f9837a92ba97
SHA1

98fd510a28c4e5c9c3b330ac08059523ec24944f
SHA256

18abfe1e9fd492d0b4379947f03ab464b33b93d42c838a1ff79d91af8179bbab
SHA512

f43a75db657ff331a25c96d60fecff24ef97fdd185848d671817fec29c86b087cf749d767188a161fe7a8349e5577958e1774c05fbf59aadda4c687154dbbc7e
SSDEEP

49152:LOEiLj+kCZufc2lmjQXF9f3wsuss6vtryGQgQSn7V4EawZWMqTFCIabjKoh9W:L/aj+kCZuZlepw8iIabjKoh9W

Score

8^/10

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18abfe1e9fd492d0b4379947f03ab464b33b93d42c838a1ff79d91af8179bbab

Files

18abfe1e9fd492d0b4379947f03ab464b33b93d42c838a1ff79d91af8179bbab
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 558KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE