251f4f4043baba9601a362c7622390909865cf471ee9f201f3f4de2939c6a016 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

251f4f4043baba9601a362c7622390909865cf471ee9f201f3f4de2939c6a016
Size

468KB
MD5

13d184bddf918c7d2a0d82889644f4ad
SHA1

99469838bdc23f3d5afa220f64dd3553f937a2ee
SHA256

251f4f4043baba9601a362c7622390909865cf471ee9f201f3f4de2939c6a016
SHA512

7d0baab2e40a9513cd980767e86a3d2af9f59d185bd157d8f9f3d3def0e66ca790ab3d169d5cd31b60c525dbe96e8ff1f4afe7931650e6a2f150f9ed8ed1ad17
SSDEEP

6144:xcm4FmowdHoSkhraHcpOFltH4t+IDvSXrh5g8hZTydOAkOCOu0EajNVBZr6y2WXh:74wFHoSceFp3IDvSbh5nP+a3Y

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
251f4f4043baba9601a362c7622390909865cf471ee9f201f3f4de2939c6a016

Files

251f4f4043baba9601a362c7622390909865cf471ee9f201f3f4de2939c6a016
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tkjdelw
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ