8a1957920929dc97dde7fd09fd87c9bca69a8f0cc7708eb76a0176bf7ecf68ee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8a1957920929dc97dde7fd09fd87c9bca69a8f0cc7708eb76a0176bf7ecf68ee
Size

282KB
MD5

98fce2729ac96524d065dcdc014c070b
SHA1

0f0d8f658060f44371e9168f74d9c2d108c44400
SHA256

8a1957920929dc97dde7fd09fd87c9bca69a8f0cc7708eb76a0176bf7ecf68ee
SHA512

83e18390f14804e11fa1aedbbfd34f72cd9d0dc5485e74bce0010c4e989af6b0ce02cefe0bd8ed134b9ec9f6f2b647ce1bd965d95b6e5f4f8fb0f6a5ca617784
SSDEEP

6144:SmVnxWa3L3PjqEPZlWDSmeM3YC/2AnvGsB4Cy6NNFJW9KYuLOush+X5RhgH:nf3L3PBes1CuAnvBmz6nXW9KYuLrsh+k

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a1957920929dc97dde7fd09fd87c9bca69a8f0cc7708eb76a0176bf7ecf68ee

Files

8a1957920929dc97dde7fd09fd87c9bca69a8f0cc7708eb76a0176bf7ecf68ee
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 41KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ