9f2998f9b7a5f0accfe464b0e68b8358c29d70050905e9b9f1edc40633c483ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9f2998f9b7a5f0accfe464b0e68b8358c29d70050905e9b9f1edc40633c483ea
Size

1.9MB
MD5

7826a68e7c56269c09b9a5d1d9ab0987
SHA1

535131da3a6043a7a2904a621c74565aeff652a2
SHA256

9f2998f9b7a5f0accfe464b0e68b8358c29d70050905e9b9f1edc40633c483ea
SHA512

99da06a26889e5496fd0be6061a7410dc9ab0289c2cc7e3ea88e5a6e5d8247249f3c41ee554f692a3555478237dfa513eb012c7ffd3be926775814e94f325b8f
SSDEEP

49152:bPdSi/3ThBvBNL1f7z7U3SWhL0wJob3Z81:bFp3ThBZNZn7Udp0wJui1

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f2998f9b7a5f0accfe464b0e68b8358c29d70050905e9b9f1edc40633c483ea

Files

9f2998f9b7a5f0accfe464b0e68b8358c29d70050905e9b9f1edc40633c483ea
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bvxzt
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yno
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vzkj
Size: 512B - Virtual size: 4KB

.kemyz
Size: 512B - Virtual size: 4KB