3dc29a8070703c298098d839b0f54996b3617464f1510eaedf3f6245ac464fff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3dc29a8070703c298098d839b0f54996b3617464f1510eaedf3f6245ac464fff
Size

2.0MB
MD5

acb213a312162da890d2854083212ebf
SHA1

a2149624d0827a311b898d1c174cb988cb4aff1a
SHA256

3dc29a8070703c298098d839b0f54996b3617464f1510eaedf3f6245ac464fff
SHA512

b5b382b3e3100f8e0703fb7966c4dc7922e2cf762fdab652a6fe002cca3fb075de4bf3a6fe671d069ea846cd7657900447a221b481a9472b5a72e1760a131740
SSDEEP

49152:x0mwq8On9Ywqe4e5iI9xi9DVAMl1PRyiEtCFk+IjvxQ:xbwtxFaMixuVAMlt5HzIj5Q

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dc29a8070703c298098d839b0f54996b3617464f1510eaedf3f6245ac464fff

Files

3dc29a8070703c298098d839b0f54996b3617464f1510eaedf3f6245ac464fff
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ktlju
Size: 512B - Virtual size: 4KB

.wu
Size: 512B - Virtual size: 4KB

.shik
Size: 512B - Virtual size: 4KB

.nbd
Size: 512B - Virtual size: 4KB