8c5059b168e63b14c6aa9718a4ae4420_NEAS | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c5059b168e63b14c6aa9718a4ae4420_NEAS
Size

250KB
MD5

8c5059b168e63b14c6aa9718a4ae4420
SHA1

7dfd9f25d943b5c9b4ea949d7946a0a749eb59fb
SHA256

d5997a662d403532efda3c791b0b48a7b124a478bb3e96edde1964137e4515a4
SHA512

d7fa545b3ad415e4f344350207827e504c22f61c3631b75943375d80cd5df29ca279955465aced6cc842abd12951389475f4d61fc94d0045b36eb5dd9600e18f
SSDEEP

6144:CjluQoSIIo5Rxs3H5dS09VodPKXlZvYyol0tbUgag7V:CEQoSsNi809yK1ZvY7M

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c5059b168e63b14c6aa9718a4ae4420_NEAS

Files

8c5059b168e63b14c6aa9718a4ae4420_NEAS
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.jxmnr
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lpkez
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE