dec0a94246f6222917cb4d595ee2c1772f1fc9f0b94a18e8d4c92c52f71e5f3d | Triage

Sharing

General

Target

dec0a94246f6222917cb4d595ee2c1772f1fc9f0b94a18e8d4c92c52f71e5f3d
Size

544KB
MD5

3b73e440ba1ac44ec23a5aa543f82230
SHA1

127c9f41ca155a8b3aab1104404acfcdfdfe5fb2
SHA256

dec0a94246f6222917cb4d595ee2c1772f1fc9f0b94a18e8d4c92c52f71e5f3d
SHA512

a7c35de5ba2cd2e8fb31242b4b9c6e85d9c705ead810ed44c414ae41cef9acf6114263ba3651255aee0a3ff87e3e16a21fa8947e850a37157c99a3d9742e8b4d
SSDEEP

12288:YEQoSpqhkKf/E4uR779MrN2MAa3ECTcTJ7ivL4r:Yid/IsrN77QZGE

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dec0a94246f6222917cb4d595ee2c1772f1fc9f0b94a18e8d4c92c52f71e5f3d

Files

dec0a94246f6222917cb4d595ee2c1772f1fc9f0b94a18e8d4c92c52f71e5f3d
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ktlju
Size: 512B - Virtual size: 4KB

.wu
Size: 512B - Virtual size: 4KB

.shik
Size: 512B - Virtual size: 4KB

.nbd
Size: 512B - Virtual size: 4KB