5dc485c13a6b2d3da41748cf4d2f965626f27ee4c500f59b2dc7796fe6b44495 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5dc485c13a6b2d3da41748cf4d2f965626f27ee4c500f59b2dc7796fe6b44495
Size

1.5MB
MD5

cae88d6ff5e2e6f40366bcd77092994b
SHA1

af939999324d227c1837640f7de2c75a8d5b1a7f
SHA256

5dc485c13a6b2d3da41748cf4d2f965626f27ee4c500f59b2dc7796fe6b44495
SHA512

4820a6ebcc8bc0e476f89864a9ec7193f46cdeee57b2454ea7af7ad6e3883d1e75cac88c7c678c10e389cb3c92d8c3f47c816d7507d2d8806774d77f2f9a5e26
SSDEEP

24576:YizPCUWzWdatPPNDQWh7faVRzssXbRo6yJDe0UyIUruAk6q2KcUoXtWOiI:xBWz7LD/h7fGoB5etnU7bcG

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dc485c13a6b2d3da41748cf4d2f965626f27ee4c500f59b2dc7796fe6b44495

Files

5dc485c13a6b2d3da41748cf4d2f965626f27ee4c500f59b2dc7796fe6b44495
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ktlju
Size: 512B - Virtual size: 4KB

.wu
Size: 512B - Virtual size: 4KB

.shik
Size: 512B - Virtual size: 4KB

.nbd
Size: 512B - Virtual size: 4KB