72db361e983c632abbc6649df526a199bf700b69bc264f27f573d11e5a876fe6 | Triage

Sharing

General

Target

72db361e983c632abbc6649df526a199bf700b69bc264f27f573d11e5a876fe6
Size

140KB
MD5

048eacbe4c60e7c576ffb6d7e5444964
SHA1

c3cefe03dec2ee1ea8f98ed09755a267e2d1493f
SHA256

72db361e983c632abbc6649df526a199bf700b69bc264f27f573d11e5a876fe6
SHA512

e0d7c109b2159b6e132e7d5ddca18cc62e221c79426910380a0c080b4661f52ca53a85b0d725ae563e528f4a7869e21c0d7044bccad067a4e6071c1b408b4d85
SSDEEP

3072:OJfuq8IzyLHIDYsp8iJ+AAkRcblVReIcT2VWE1:Ouq1yyfpenk4lVIBTmN

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72db361e983c632abbc6649df526a199bf700b69bc264f27f573d11e5a876fe6

Files

72db361e983c632abbc6649df526a199bf700b69bc264f27f573d11e5a876fe6
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 53KB - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE