2c0ca2cb75c12f54b5337dae66e6cb847d3ac233c1373a8ce95e358dfba8f412 | Triage

Sharing

General

Target

2c0ca2cb75c12f54b5337dae66e6cb847d3ac233c1373a8ce95e358dfba8f412
Size

95KB
MD5

dd731fe76703ccf7ec82d9741abe6c04
SHA1

2588ab8dc160349c0f4bd93a50d5d220511df47f
SHA256

2c0ca2cb75c12f54b5337dae66e6cb847d3ac233c1373a8ce95e358dfba8f412
SHA512

269efe0fc08e15b3e2f0ff2ceb9a2b37dd2165441a23227475c501e61c6c893dbe73e2e6dfd51eca4b19dd2e800805e17e7ede72a6437c853512d68dd473e085
SSDEEP

1536:dFJz/vArEqF8F1DXE2HCIkjDL6jlT/V1Ayj4m/QWR/Rlq88vlnRqPR/1aViOKvrT:dvs4dDXEGCLElJ1Tj4mYWR/R4nkPR/19

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c0ca2cb75c12f54b5337dae66e6cb847d3ac233c1373a8ce95e358dfba8f412

Files

2c0ca2cb75c12f54b5337dae66e6cb847d3ac233c1373a8ce95e358dfba8f412
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bvxzt
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yno
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vzkj
Size: 512B - Virtual size: 4KB

.lygia
Size: 512B - Virtual size: 4KB

.o
Size: 512B - Virtual size: 4KB