c30bc6735ddaec0f1414133fab774ec8bc97fb59d294966854a94727ae6d5240 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c30bc6735ddaec0f1414133fab774ec8bc97fb59d294966854a94727ae6d5240
Size

551KB
MD5

a9c4906f45aec39c3b3d524c9b339eb5
SHA1

6209955e7299e82145c97d187e74f394a88bfabb
SHA256

c30bc6735ddaec0f1414133fab774ec8bc97fb59d294966854a94727ae6d5240
SHA512

490fa82826330478906035122d69d555183d7527d4352f9a5633ea054d267da8a6096fd7d219b66b5c24c5316279878fb22f8d0fb1577d7aef5c575c592d2e81
SSDEEP

12288:gEQoSg+R4Vs3sIjUZtX/d4fLfc82GdxalMX:ges3Atl4fL0bGdklMX

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c30bc6735ddaec0f1414133fab774ec8bc97fb59d294966854a94727ae6d5240

Files

c30bc6735ddaec0f1414133fab774ec8bc97fb59d294966854a94727ae6d5240
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gtcl
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kxvu
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.psfx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oncez
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bsp
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ