2024-05-07_dcd7345462341ba7f34cb38eb9d0a9bc_snatch | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-07_dcd7345462341ba7f34cb38eb9d0a9bc_snatch
Size

3.4MB
MD5

dcd7345462341ba7f34cb38eb9d0a9bc
SHA1

2e14223874e0b3bf3b1735d817e11f61500e0a06
SHA256

368e865e94054ae85c6c9d6e0e2fc49e46c00b4a06b942f7cf2827604055001c
SHA512

ed56346a88c30d0bb7a3b74d62063ff2077014e3ab3ee4ceb26539a5d1fde4d6eea2a27cd659c49319b96f5d929e94735f71411d679588860a1203c06bd2becb
SSDEEP

49152:uBa4HLkSY+VGYZK8ilom+AIbCSfItk4+YCQlCIs++NCdBTt9NdEb:uM4rC+VGYMacC8s82

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-07_dcd7345462341ba7f34cb38eb9d0a9bc_snatch

Files

2024-05-07_dcd7345462341ba7f34cb38eb9d0a9bc_snatch
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE