9136ac44ce606907b0fa6c40a0a7ca4882ea21f0dd32c12203b305a23cdc8620 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9136ac44ce606907b0fa6c40a0a7ca4882ea21f0dd32c12203b305a23cdc8620
Size

624KB
MD5

100eba689c0459c55d389b7a74ca7ca9
SHA1

062055fee9796444bef2cca66a7185ec6aa07a3e
SHA256

9136ac44ce606907b0fa6c40a0a7ca4882ea21f0dd32c12203b305a23cdc8620
SHA512

c7eca86c73e2292653c42cbb9ce0e2b3efbc6704e2af668362413806478a22d7189f62f60c913d5598f81ef45ccec44450241148ec25a93138c3462f79fb211e
SSDEEP

12288:CEQoSsWufl+JzqDl8iWOkl6ouB+Es4RtS5+xhcDtNHFGb3tQrj9:CylTDl8iWdOL+ahcxRm9m

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9136ac44ce606907b0fa6c40a0a7ca4882ea21f0dd32c12203b305a23cdc8620

Files

9136ac44ce606907b0fa6c40a0a7ca4882ea21f0dd32c12203b305a23cdc8620
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.jxmnr
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lpkez
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE