4a696b507002c98ef1d9cbf8da449381e9760ce93856f66ee556d8ec17f28670 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a696b507002c98ef1d9cbf8da449381e9760ce93856f66ee556d8ec17f28670
Size

609KB
MD5

48580855aa7f062bea6de4f9e602f836
SHA1

2a016bbcf5161085c1f0c4bf0970bdc3b9c6ffc1
SHA256

4a696b507002c98ef1d9cbf8da449381e9760ce93856f66ee556d8ec17f28670
SHA512

424a13c65cac928565669bdbd0796b4aadb21bff4f9673d6a4ccd46d1e623b0fc5396de56316390f339c0e87d56826defcc3422e7444d542b9bd3bcfd3972fff
SSDEEP

12288:FBAsu/1OsCzbT7YebtN2rMFpouF0/DD0:6MzEgNPFpoz/0

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a696b507002c98ef1d9cbf8da449381e9760ce93856f66ee556d8ec17f28670

Files

4a696b507002c98ef1d9cbf8da449381e9760ce93856f66ee556d8ec17f28670
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

?EngineProc@@YGJHIJ@Z
?pro_cess1@@YAHHHHPAD@Z
?pro_cess2@@YAHXZ
?pro_cess3@@YAHH@Z
?pro_cess5@@YAHH@Z

Sections

UPX0
Size: 372KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE