09c8e4e4d402448ed610a0c0df6822f45e67fe81a8842de4e449f629e7b24f86 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09c8e4e4d402448ed610a0c0df6822f45e67fe81a8842de4e449f629e7b24f86
Size

1.6MB
MD5

afcd76615790ae168762e96cd65b7dcf
SHA1

1919c202abb4730e41d794dd7470bfb70d401943
SHA256

09c8e4e4d402448ed610a0c0df6822f45e67fe81a8842de4e449f629e7b24f86
SHA512

5da81579212f0b56dd0fc18d58765656e7372826e60ec3bb3b6cf7029a19168f6bc2c0a4b279ea4fbac2025fedbe962cfd9114178f5177d8f66916c03e2a78fd
SSDEEP

24576:CD1ez9rj+r9wfq4aIP43uzAfnyU+HY+MxjBE6sTgj2DyBrrfL4Lzoaza:m1ez9/+r9wfykGuzwnRbzf5BHfYoaW

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09c8e4e4d402448ed610a0c0df6822f45e67fe81a8842de4e449f629e7b24f86

Files

09c8e4e4d402448ed610a0c0df6822f45e67fe81a8842de4e449f629e7b24f86
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.jxmnr
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lpkez
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE