fcd39097d30b8d6412c1b1348f35e3c306762e3fa37bb3e99204aceb8f516187 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fcd39097d30b8d6412c1b1348f35e3c306762e3fa37bb3e99204aceb8f516187
Size

2.1MB
MD5

2544797445ec612d6bfc7909a53bf38b
SHA1

0d44e8fa5ef808bfcac154007cf632804ee859bb
SHA256

fcd39097d30b8d6412c1b1348f35e3c306762e3fa37bb3e99204aceb8f516187
SHA512

676d19c272dde1730f13b4f4ac67344aa53a976fd44d729738d07adf4bb6cbfa02aa43e793819508fff47624101e3452e897e284cf378f3ec3a67119a440d43e
SSDEEP

49152:PQWF8lkC1IDtuYBvgAMNKDdnQMZjN58zQ/mAala:P92lLGBoAMqQW38Q/Xala

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcd39097d30b8d6412c1b1348f35e3c306762e3fa37bb3e99204aceb8f516187

Files

fcd39097d30b8d6412c1b1348f35e3c306762e3fa37bb3e99204aceb8f516187
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.btnj
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE