bff21f6ec7a86ae119099b8b92704e41cb2f84aef74ad151550e0148010c0c20 | Triage

Sharing

General

Target

bff21f6ec7a86ae119099b8b92704e41cb2f84aef74ad151550e0148010c0c20
Size

334KB
MD5

5c7f28988951648a9614f77917b39004
SHA1

83eb196911ba88352df45a866d853da4684e58c9
SHA256

bff21f6ec7a86ae119099b8b92704e41cb2f84aef74ad151550e0148010c0c20
SHA512

fb9fb5081b21a694426ab5b98185612594c1be129722685beb76abc5701b73e81cf0da545519e6d24e48fffecd54aca35a84be3721acc104a3f6e62651513eef
SSDEEP

6144:VjluQoSiIo5RECT80+ZtDs/NFj6U+xUYfnM4HWGnouj6/FJlmSbQZdUg3rmWhq:VEQoSmNTCZRsbAndlj6Eig3rq

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bff21f6ec7a86ae119099b8b92704e41cb2f84aef74ad151550e0148010c0c20

Files

bff21f6ec7a86ae119099b8b92704e41cb2f84aef74ad151550e0148010c0c20
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.g
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kxvu
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.psfx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fpugn
Size: 512B - Virtual size: 4KB