f6d5574794a06f8d669dcdf4a79fd301c0256060e73a1e5617a578fdd64b7f7f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6d5574794a06f8d669dcdf4a79fd301c0256060e73a1e5617a578fdd64b7f7f
Size

590KB
MD5

342b90fee024d5dad4d36a31f8c938bc
SHA1

b998062495ee9d296a1601f78ba14706c8de41a5
SHA256

f6d5574794a06f8d669dcdf4a79fd301c0256060e73a1e5617a578fdd64b7f7f
SHA512

2793623914a543edbefac6c7c39243589e0b94f9364689c0aa9f79b4a2be8d5461fb3bc031a79637dbd96e7c7911633390121e733e1e48a5a0eb71a662b8b476
SSDEEP

12288:7EQoSaqheV08zSscA7iNjVOF9RQZkOsiDtECnO1gOoLA3e:7rep2TA7iHK9RVOsn3o0O

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6d5574794a06f8d669dcdf4a79fd301c0256060e73a1e5617a578fdd64b7f7f

Files

f6d5574794a06f8d669dcdf4a79fd301c0256060e73a1e5617a578fdd64b7f7f
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.btnj
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gduz
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.e
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fbe
Size: 512B - Virtual size: 4KB