3eee8e79641d0a9e812de888edf09e971680de0159d738251d75d75a00e13db7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3eee8e79641d0a9e812de888edf09e971680de0159d738251d75d75a00e13db7
Size

663KB
MD5

19ca36efed621c08ca2dd4fbaf720f0c
SHA1

0eae9ab4a9f3ef4019ff2d0ac0fc688188383886
SHA256

3eee8e79641d0a9e812de888edf09e971680de0159d738251d75d75a00e13db7
SHA512

a2c8b7480f2a30c5b10f66839754de5e5149d5c99a4c5f7f74fc570aae586241f2e09c4f95afbb5af275f65361a8a4f1ebabf5a465634f9439301e4f22f7f2ae
SSDEEP

12288:VEQoSmc5zXNuHib5YT59nQUNOAEzxkth15aOTVLPTUGD48mCjE:VZjskOT59nnExgLPD4oE

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3eee8e79641d0a9e812de888edf09e971680de0159d738251d75d75a00e13db7

Files

3eee8e79641d0a9e812de888edf09e971680de0159d738251d75d75a00e13db7
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.g
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kxvu
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.psfx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fpugn
Size: 512B - Virtual size: 4KB