ec70e8e9f07bea144ac549ae50633c78a56cca3daccecb1743e6f7352352bc1e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec70e8e9f07bea144ac549ae50633c78a56cca3daccecb1743e6f7352352bc1e
Size

521KB
MD5

2bec6fb167b1806fb558a5c2ae99503a
SHA1

f2535631a18c428320ea821725e87ea5a9fb65bb
SHA256

ec70e8e9f07bea144ac549ae50633c78a56cca3daccecb1743e6f7352352bc1e
SHA512

f4e43304e2c3e174794ceb3ea97867a19bf1e813697c9eec724b325980c7a377fb7621efd57b8cc3091e5e224a174907ac78594de8261c9920e6b7f7976b4774
SSDEEP

12288:YEQoSpqhOCCMZOYVs1xVsXPe5dt+ns4SDhWrAbqJ2JlG7Y1kyfpS:YiOChZO91xiXK+s4SdfqMGM1/pS

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec70e8e9f07bea144ac549ae50633c78a56cca3daccecb1743e6f7352352bc1e

Files

ec70e8e9f07bea144ac549ae50633c78a56cca3daccecb1743e6f7352352bc1e
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ktlju
Size: 512B - Virtual size: 4KB

.wu
Size: 512B - Virtual size: 4KB

.shik
Size: 512B - Virtual size: 4KB

.nbd
Size: 512B - Virtual size: 4KB