4a8717d49653d78cd4cd0c2ed21139f59db6e4b6085f54c6790228b9dc41c872 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a8717d49653d78cd4cd0c2ed21139f59db6e4b6085f54c6790228b9dc41c872
Size

8.4MB
MD5

5bea7e7711e2e6d393f48b67f48c8bbe
SHA1

6bb82de1712f1d20e4b93a47ba03fe9c1560aeff
SHA256

4a8717d49653d78cd4cd0c2ed21139f59db6e4b6085f54c6790228b9dc41c872
SHA512

1c4bb1f9afab4594eb4c70e69049819f7f1a1634410eaa7f237c2d0679d22b193a0035195332e6a08d955004ac3b87867c7ec1c296c60fbabbcf587452ac6471
SSDEEP

196608:SjRIicXm6TtwO5xh9FkVCSK+zL4hE6LKjnTcfA:SdIix2t/hH6Cg4h/LgT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
sample	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a8717d49653d78cd4cd0c2ed21139f59db6e4b6085f54c6790228b9dc41c872

Files

4a8717d49653d78cd4cd0c2ed21139f59db6e4b6085f54c6790228b9dc41c872
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 966KB - Virtual size: 7.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 346KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE