7af3f4589a0d13da9f6f09244cd02fca406632e55a02648371978b047bf3647b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7af3f4589a0d13da9f6f09244cd02fca406632e55a02648371978b047bf3647b
Size

5.7MB
MD5

5277af6bbc764665dbdcf20ea7a90ac4
SHA1

474671bd121b75fdb75a872332579a0560e20897
SHA256

7af3f4589a0d13da9f6f09244cd02fca406632e55a02648371978b047bf3647b
SHA512

4ec2bea15f52a87990ec481a306804faf7593e1adce99265afdf1b2d400b441faf09eec978fc26395ab307d233c9e1be09519855bfbaa6029088181a2bacc1f5
SSDEEP

49152:hzZhkogw3nKAOCOByky2PeTRc8LyOF8S4b0tECCkOVO/YLyYupTfOXQahacF:LfVLJC4aO/kvaK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7af3f4589a0d13da9f6f09244cd02fca406632e55a02648371978b047bf3647b

Files

7af3f4589a0d13da9f6f09244cd02fca406632e55a02648371978b047bf3647b
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
euefnaiw
gusiezo3
hitit

Sections

UPX0
Size: 4.5MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 940KB - Virtual size: 940KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 210KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE