75099125c7a11c32bccb3910afdfaf468d3982116417abc134017351e97506d4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

75099125c7a11c32bccb3910afdfaf468d3982116417abc134017351e97506d4
Size

203KB
MD5

ca192c928c4d74a88e85ac5b7175f260
SHA1

5a0ef601ae5ba8a6e1bfb5c895c174316279dbf0
SHA256

75099125c7a11c32bccb3910afdfaf468d3982116417abc134017351e97506d4
SHA512

6c6d017af14de81fbf9f2c217f8ebbc582a28c9afc88d1d7472ba68c5a246670792764c3b42faca9f6a14e2b034d8df55f0a6aa7f6725d18fd792d4ad68dcf52
SSDEEP

3072:SJ8IMILmCa3yx6oFEdgVXnFYf7C9Ugfxm3Nep9viMrJG4n+:RkmCaiEoFEd+FYOtxmdeviMF3+

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75099125c7a11c32bccb3910afdfaf468d3982116417abc134017351e97506d4

Files

75099125c7a11c32bccb3910afdfaf468d3982116417abc134017351e97506d4
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

FloodFix
FloodFix
FloodFix2
FloodFix2
crc32
crc32

Sections

UPX0
Size: 119KB - Virtual size: 124KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE