46b2ebdcd5ba5bd54afc708110c2fa6af0f4b98741378824d744b6fa99115c27 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46b2ebdcd5ba5bd54afc708110c2fa6af0f4b98741378824d744b6fa99115c27
Size

957KB
MD5

f1dadafc5150de0d463496ef5a763654
SHA1

886bbc65123c4d10e5f48c0f7f591744734f2d02
SHA256

46b2ebdcd5ba5bd54afc708110c2fa6af0f4b98741378824d744b6fa99115c27
SHA512

f871e46e189e80ce819243da8bb4332f10ef46c6554bc83352dd9ac2a6694da747bad126fa0671e5c0987e3c3442dd4e89b52b5250a74a431b852e91b36ce02c
SSDEEP

24576:YiO6WrxZlY8U8BML/ydig3XJLIRqxRSqLtM2T+cFPM:xOB9ZlY8U85cg3ZURSTLdJFk

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46b2ebdcd5ba5bd54afc708110c2fa6af0f4b98741378824d744b6fa99115c27

Files

46b2ebdcd5ba5bd54afc708110c2fa6af0f4b98741378824d744b6fa99115c27
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ktlju
Size: 512B - Virtual size: 4KB

.wu
Size: 512B - Virtual size: 4KB

.shik
Size: 512B - Virtual size: 4KB

.nbd
Size: 512B - Virtual size: 4KB