b1d56fb9b65b16f0d6933497cca654d1f086e875556f1faecbd3545290affa42 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1d56fb9b65b16f0d6933497cca654d1f086e875556f1faecbd3545290affa42
Size

69KB
MD5

b7b0d0465edae568d389101941ba6cd1
SHA1

a02e390bb2d4592ee94117a2b41fa21d48230f8f
SHA256

b1d56fb9b65b16f0d6933497cca654d1f086e875556f1faecbd3545290affa42
SHA512

cbc05e50b52563932b758b8f54c3b8fb00bb149bc1ca2994f7e5a549705e0dfcf62b3aa5f145f8d1fc2f477be460aa0510911affbcdfae030544c921b08f18ae
SSDEEP

768:MiPPTYiNCSAetFpamkQzXmRItONlg8PyNUMsFYsktATb6jzWHG2nDx+i7:M0FptJiNng8dViN0m/WHGox+i7

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1d56fb9b65b16f0d6933497cca654d1f086e875556f1faecbd3545290affa42

Files

b1d56fb9b65b16f0d6933497cca654d1f086e875556f1faecbd3545290affa42
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE