f1cc8138486199352cf3f98bb9085c2b08663fdddbb347dfb94d032ee9103e75 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1cc8138486199352cf3f98bb9085c2b08663fdddbb347dfb94d032ee9103e75
Size

612KB
MD5

a240cda4b256bff55b743dfa9beec546
SHA1

b3fa4ca04e9ebb3caa5dc1bda7f0e9bcdb8741eb
SHA256

f1cc8138486199352cf3f98bb9085c2b08663fdddbb347dfb94d032ee9103e75
SHA512

7eabc3567c8937aade3f43d9d0403e00a4341d6c9161b816940e6ad18d16f48c969e45ddc02d4d76e6251bae43be59a78b9a81a015e4f56d88be8b0534b82c67
SSDEEP

6144:uS665+NDdL0yqu5uPBhLRjpML0KYj3NAilJ0FcmjUu:z+HAJ3PBh9jkK3NAi/0FceJ

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1cc8138486199352cf3f98bb9085c2b08663fdddbb347dfb94d032ee9103e75

Files

f1cc8138486199352cf3f98bb9085c2b08663fdddbb347dfb94d032ee9103e75
.exe windows:4 windows x86 arch:x86

1639b1e17656fed4f63bac94cbb79cec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord593
ord594
ord595
ord598
ord525
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord608
ord530
ord716
ProcCallEngine
ord537
ord645
ord570
ord685
ord100
ord616
ord546
ord547
ord580

Sections

UPX0
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

camzt
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxda
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE