d380907053d50aec9768ac16b5e3aabf2db1a578725e572d78c3a209efad2656 | Triage

Sharing

General

Target

d380907053d50aec9768ac16b5e3aabf2db1a578725e572d78c3a209efad2656
Size

1.3MB
MD5

640ed7e89920a108d6308640a775d0dc
SHA1

c0e8dfb326f2a3324c4acdcaad79d046a89d24a5
SHA256

d380907053d50aec9768ac16b5e3aabf2db1a578725e572d78c3a209efad2656
SHA512

8e8b603031a315f1a01fed04ce093190d51785849153c0f3e5f4891c105df15c34dd52bc6006f35a0d4b43d6c7549df0e85de3b712fffe4c4d4e3ba910055fed
SSDEEP

24576:gxgXZD3YVEDrp1B8quAB6sgmPrVUL7xr9Deqy759b3IlEFFnxVsjpv:9ZMVEXpf8bAFj8NRq7dFhxVsJ

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d380907053d50aec9768ac16b5e3aabf2db1a578725e572d78c3a209efad2656

Files

d380907053d50aec9768ac16b5e3aabf2db1a578725e572d78c3a209efad2656
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gtcl
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kxvu
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.psfx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oncez
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bsp
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ