3ced61d99919be4468c652d93507e02d148a014fa985dacf2258e6d5c07b81da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ced61d99919be4468c652d93507e02d148a014fa985dacf2258e6d5c07b81da
Size

606KB
MD5

70604b5d38b8f99d58429fdd7b76d04e
SHA1

bc29fd38684ab5f4350e8745c8cea76d3a71ffb9
SHA256

3ced61d99919be4468c652d93507e02d148a014fa985dacf2258e6d5c07b81da
SHA512

1c1ef6c5baa41a8260d57110c631c9944d81c9933589f444f2c819c6099e3d248f1325f8160d5dce181eca7fd0a030ac22799696818d09be389713c4c585d45b
SSDEEP

12288:QBAsu/1OsCzbT7YebtN2rMFpouF0/DD0:BMzEgNPFpoz/0

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ced61d99919be4468c652d93507e02d148a014fa985dacf2258e6d5c07b81da

Files

3ced61d99919be4468c652d93507e02d148a014fa985dacf2258e6d5c07b81da
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

?EngineProc@@YGJHIJ@Z
?pro_cess1@@YAHHHHPAD@Z
?pro_cess2@@YAHXZ
?pro_cess3@@YAHH@Z
?pro_cess5@@YAHH@Z

Sections

UPX0
Size: 372KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE