3425181af0202ce7d572fc86b2cf8b692b02b3d36dba9cf55007e70381ab1b0f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3425181af0202ce7d572fc86b2cf8b692b02b3d36dba9cf55007e70381ab1b0f
Size

1.5MB
MD5

0bcef2b55247ed7d641b60dff8d5ff36
SHA1

3b637b672d72d77894694369cc380527c427571c
SHA256

3425181af0202ce7d572fc86b2cf8b692b02b3d36dba9cf55007e70381ab1b0f
SHA512

7719c1cca9cb7bf9732648ea7d18b00cba7662aa1faae85bdacef7ddba47bb5dc97eecb24053740dd3bff57f2a8c949b341c72170c5722bdec87f417506b6df7
SSDEEP

24576:Vr5V3e3/xA1oaHqOtYkhupSkuXnh3gNo7IrNw1nWJQWt08hgI7JhC/sexPVbUU:Lhe3NOYYupTY3gW7AS4hP7CkEPVbUU

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3425181af0202ce7d572fc86b2cf8b692b02b3d36dba9cf55007e70381ab1b0f

Files

3425181af0202ce7d572fc86b2cf8b692b02b3d36dba9cf55007e70381ab1b0f
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.g
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kxvu
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.psfx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fpugn
Size: 512B - Virtual size: 4KB