322b4a5e5a6679b8702500d7d5fa9d903337f9f60951dde9e6a28f3a4de40405 | Triage

Sharing

General

Target

322b4a5e5a6679b8702500d7d5fa9d903337f9f60951dde9e6a28f3a4de40405
Size

327KB
MD5

015e231fd6b583357a8cec450a5cbb0e
SHA1

092a6d4485384d5d62f3e04fe19d70aed6fc5f22
SHA256

322b4a5e5a6679b8702500d7d5fa9d903337f9f60951dde9e6a28f3a4de40405
SHA512

636b099ebfd96f35d690d5f610ae45f106d4c9de40ca88ebd0c88bcb51674b2da5533a72bb6eb79c022112f94ef717e24e69ac99e094d6d147fb6876055c1259
SSDEEP

6144:bTz+WrPFZvTXb4RyW42vFlOloh2E+7cIozDJq5pyA:bTBPFV0RyWl3h2E+7cC5l

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
322b4a5e5a6679b8702500d7d5fa9d903337f9f60951dde9e6a28f3a4de40405

Files

322b4a5e5a6679b8702500d7d5fa9d903337f9f60951dde9e6a28f3a4de40405
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE