d26627a4186eac43f843e751f5bf43c4bcf9bb41bbc5ed192d04e7af7a291818 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d26627a4186eac43f843e751f5bf43c4bcf9bb41bbc5ed192d04e7af7a291818
Size

418KB
MD5

b5805fab55a8fcad365e76fee4f9bf80
SHA1

391c319fb1a8f610cf6c5f941b0fdc1a9716452d
SHA256

d26627a4186eac43f843e751f5bf43c4bcf9bb41bbc5ed192d04e7af7a291818
SHA512

664afbac57fc0fe7efa66d9ef04599db0e0d14e818b3811a0ed53c562e119eb894257eeaf5baccf097fd89760dd8f535455d3e53c550030a91f0708a27aeddce
SSDEEP

6144:SjluQoSKIo5RwqdVI3YKYFpz3mSyu955RhfnoqiDRasxndBox3LjELQ0bHJ378:SEQoSesqdKoKmpz5fvhfHORBxdBe278

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d26627a4186eac43f843e751f5bf43c4bcf9bb41bbc5ed192d04e7af7a291818

Files

d26627a4186eac43f843e751f5bf43c4bcf9bb41bbc5ed192d04e7af7a291818
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.jxmnr
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lpkez
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.i
Size: 512B - Virtual size: 4KB