f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694 | Triage

Sharing

General

Target

f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694
Size

608KB
MD5

1a697204865eb985cbe3fbf3371d907c
SHA1

01cfef7a2c7c9e06cb491ceaf840c59126a45a67
SHA256

f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694
SHA512

a6c5e37f9a281cc322e15a988421e3c47d5b64ee7d045ae2d65cd9b2a9de80f06f4a2697a83368cc8967ed29fb384e85168b1328d16f05429f3585bf22360c94
SSDEEP

12288:9BAsu/1OsCzbT7YebtN2rMFpouF0/DD0:yMzEgNPFpoz/0

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694

Files

f8b92acf359d37edaa202d4ef8dae75f8cf509f80715d80e2e68616b8e074694
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

?EngineProc@@YGJHIJ@Z
?pro_cess1@@YAHHHHPAD@Z
?pro_cess2@@YAHXZ
?pro_cess3@@YAHH@Z
?pro_cess5@@YAHH@Z

Sections

UPX0
Size: 372KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE