dabb9b7e89a5fef63ef7650fdcd9b5c2e6e25f24f90f3e8e03a4c013e5145e2b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dabb9b7e89a5fef63ef7650fdcd9b5c2e6e25f24f90f3e8e03a4c013e5145e2b
Size

225KB
MD5

c42c4773353e15052bd792112eaa3484
SHA1

006dbe627d49b016b933c740ae73bd509c3eb5a8
SHA256

dabb9b7e89a5fef63ef7650fdcd9b5c2e6e25f24f90f3e8e03a4c013e5145e2b
SHA512

e807df69b7caa54d8323815481efdd47acdea55819b05dbb4d8a703eea0923142c901e362879742f6195364a066b6efa2141794775f0ffad66841e0afe32e7b3
SSDEEP

3072:vjr87S7Gnzi+aoJC6LNFIwspIS7MWNgwkczVUu9pkzHKC1FQ1v:UZXalcNOwIIS7ZNAu6HKUFEv

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dabb9b7e89a5fef63ef7650fdcd9b5c2e6e25f24f90f3e8e03a4c013e5145e2b

Files

dabb9b7e89a5fef63ef7650fdcd9b5c2e6e25f24f90f3e8e03a4c013e5145e2b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 51KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE