f5358d2e2ce855c43c4451af0a7a3503f1ba29e6c98a660631aa48b50a74218d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5358d2e2ce855c43c4451af0a7a3503f1ba29e6c98a660631aa48b50a74218d
Size

612KB
MD5

1edb53d22079d0bc4ed31ff349b3612d
SHA1

3404f38f88428451f4f3784909485fd5e21fbb51
SHA256

f5358d2e2ce855c43c4451af0a7a3503f1ba29e6c98a660631aa48b50a74218d
SHA512

dabf3468b3c27688354447aa03f86a3580242ecbbb9160632e281b0b7c4c1c638be733219bcb9af95509e79e15512be643828f7fa059502a2a59edcffbb74beb
SSDEEP

6144:uS665+NDdL0yqu5uPBhLRjpML0KYj3NAilJ0FcmjUk:z+HAJ3PBh9jkK3NAi/0FceT

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5358d2e2ce855c43c4451af0a7a3503f1ba29e6c98a660631aa48b50a74218d

Files

f5358d2e2ce855c43c4451af0a7a3503f1ba29e6c98a660631aa48b50a74218d
.exe windows:4 windows x86 arch:x86

1639b1e17656fed4f63bac94cbb79cec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord593
ord594
ord595
ord598
ord525
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord608
ord530
ord716
ProcCallEngine
ord537
ord645
ord570
ord685
ord100
ord616
ord546
ord547
ord580

Sections

UPX0
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

camzt
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxda
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE