ad7af842a14ae12a2527ff07b012a54ca3ec440abdd53baa454e1fc3932a4218 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad7af842a14ae12a2527ff07b012a54ca3ec440abdd53baa454e1fc3932a4218
Size

290KB
MD5

63ec672cda621923fa7aeb42ab6dc14b
SHA1

b0c53b1f0a550c3065193c12189c7c7783d53212
SHA256

ad7af842a14ae12a2527ff07b012a54ca3ec440abdd53baa454e1fc3932a4218
SHA512

1922521091eb84879e99b5a22f85f0a7159db0b697c8b5bd79edc6305560b96d031853824d7a4b17e8d91201aa33b1b5ceac9cb323b482b1a1c90a7826e467ed
SSDEEP

6144:CjluQoSIIo5RDRww9JmT/d0AeP1UiIgClndMd0Y8gU9qI3:CEQoSsXemYT/d0hJI1NqOY8RqM

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad7af842a14ae12a2527ff07b012a54ca3ec440abdd53baa454e1fc3932a4218

Files

ad7af842a14ae12a2527ff07b012a54ca3ec440abdd53baa454e1fc3932a4218
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.jxmnr
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lpkez
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE