e41b3b5bd64a3c908fa5dead8f5336dbdfa022373bffca5a3102993689b51f60 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e41b3b5bd64a3c908fa5dead8f5336dbdfa022373bffca5a3102993689b51f60
Size

236KB
MD5

8a26fda5a6900badb51c765f50fe7c6c
SHA1

646ea6bf580a6cbd2efef9cb1028c6e867638c8b
SHA256

e41b3b5bd64a3c908fa5dead8f5336dbdfa022373bffca5a3102993689b51f60
SHA512

401645ffc4cce8165005b107d7ca7a9d6be9e208c36590febe0208f472160a1ead3aebee2045c2a04a9493c455dbf0d42e3ece66afaf05c162ccf3073a580141
SSDEEP

1536:sDusHJo0IHgL2AHfb1mzaFXg+xsukl4Y17jsgS/jHagQNuXGpeV1eT92NdTy2OBn:zox6AHjYzaFXg+w17jsgS/jHagQg1E5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e41b3b5bd64a3c908fa5dead8f5336dbdfa022373bffca5a3102993689b51f60

Files

e41b3b5bd64a3c908fa5dead8f5336dbdfa022373bffca5a3102993689b51f60
.exe windows:4 windows x86 arch:x86

210081ca7cb0771b9f31a7245cedfafa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord518
ord553
ord593
ord594
ord598
ord631
ord632
ord525
EVENT_SINK_AddRef
ord528
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord608
ord531
ord716
ProcCallEngine
ord537
ord645
ord570
ord576
ord685
ThunRTMain
ord616
ord617
ord618
ord619
ord542
ord543
ord544
ord545
ord546
ord547

Sections

UPX0
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE