a397c39b8193418f90dca605d31e82a0ddd4260c0361dce949ec92d1948fe574 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a397c39b8193418f90dca605d31e82a0ddd4260c0361dce949ec92d1948fe574
Size

1.3MB
MD5

24250a14b9b7d3b7e73150366d5d7635
SHA1

b98c94a7686ec69244e3f590bc2de51bb677befe
SHA256

a397c39b8193418f90dca605d31e82a0ddd4260c0361dce949ec92d1948fe574
SHA512

df9fb61e99b6adf36a1f02698859f608d6b406ac7d1abe05c80b33788970bc2a1eb153c567052419e6ce637a04331b01b18d8a7c4721f5ffdd34dd4e743b2bca
SSDEEP

24576:NSL/cwJfmqgkW/iD1CEFAoneRjK+fc+Bed7bTAEPy7QWn9mudct4Sm:NccwJ4kWqD1CESoujZkkO7bs7lEEcxm

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a397c39b8193418f90dca605d31e82a0ddd4260c0361dce949ec92d1948fe574

Files

a397c39b8193418f90dca605d31e82a0ddd4260c0361dce949ec92d1948fe574
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bvxzt
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yno
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vzkj
Size: 512B - Virtual size: 4KB

.lygia
Size: 512B - Virtual size: 4KB

.o
Size: 512B - Virtual size: 4KB