442035420764912c74b1569b5f9d3eb1a37992e6f860aadcb8f57b10385487e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

442035420764912c74b1569b5f9d3eb1a37992e6f860aadcb8f57b10385487e6
Size

614KB
MD5

ae6271254a3616d66c810de4d879c3d6
SHA1

84827850c9a39b7bb26e15265c5de54771ccaa83
SHA256

442035420764912c74b1569b5f9d3eb1a37992e6f860aadcb8f57b10385487e6
SHA512

1102c5f9c6c167ff39fa035139e1a4f779402ef2958336358c84b7b7eced96749c1f52bad33ddab6bfcb685683e5659cb931d440a4d84c5c62e52904757460a0
SSDEEP

12288:CEQoSshyI7ohvR4sBc6ahDU2sBffoEKpy24qtgbANODEztGBUc:CxI7ohmIaSzX9J24GgbdRBH

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
442035420764912c74b1569b5f9d3eb1a37992e6f860aadcb8f57b10385487e6

Files

442035420764912c74b1569b5f9d3eb1a37992e6f860aadcb8f57b10385487e6
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.jxmnr
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lpkez
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE