a619fd3fbe246f45ac8db1063165b9f147d53466833e58f6dcc8f023b4f9ee81 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a619fd3fbe246f45ac8db1063165b9f147d53466833e58f6dcc8f023b4f9ee81
Size

584KB
MD5

b00c0803ba4060bef2b064d97fc27fd0
SHA1

d43c1f7f1dc9c0d7663458167a27ff130ed87f67
SHA256

a619fd3fbe246f45ac8db1063165b9f147d53466833e58f6dcc8f023b4f9ee81
SHA512

23d7f9030d670c27de5eef89ab0a634a05dc193ca348c43b4ca9acb104833a74bb22699de94736dcc54e91d445fabf06e961d111c3c5d01eeec688f244e59086
SSDEEP

12288:K5lGXd4OvXkLGHj0qTDzhYqgNEIrEkoNk7L6zSZp:eGmA0UTPyrRoNk7BZp

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a619fd3fbe246f45ac8db1063165b9f147d53466833e58f6dcc8f023b4f9ee81

Files

a619fd3fbe246f45ac8db1063165b9f147d53466833e58f6dcc8f023b4f9ee81
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ