6f4194aa64f2cab0fab9f5ceec720ade92de409b444b43df479aecdfc893c832 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f4194aa64f2cab0fab9f5ceec720ade92de409b444b43df479aecdfc893c832
Size

134KB
MD5

59ce013ca8b5d7cfddfa91c61b1ce64a
SHA1

a75b953c2e5bb1c404c16648165411b68faea3b3
SHA256

6f4194aa64f2cab0fab9f5ceec720ade92de409b444b43df479aecdfc893c832
SHA512

a41d8bed29db19bff432680de90d9736d1d48933b1cc4d5038bc6dec80bc2ee748fbb8ac9a3a26c07e7870d26cc92bb7baf4c5f19f97b93fbddd5ef08e18f8f8
SSDEEP

1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38QB:riAyLN9aa+9U2rW1ip6pr2At7NZuQB

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f4194aa64f2cab0fab9f5ceec720ade92de409b444b43df479aecdfc893c832

Files

6f4194aa64f2cab0fab9f5ceec720ade92de409b444b43df479aecdfc893c832
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 64KB - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE