24f5ebdad00d567029760a3e364b2702d1402fe4dc6c7e0801824b02bd239c22[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24f5ebdad00d567029760a3e364b2702d1402fe4dc6c7e0801824b02bd239c22.7z
Size

529KB
MD5

019f79bad911018716678def3bc289b1
SHA1

709536cba1206f133724f522944d4c3f098a577a
SHA256

24f5ebdad00d567029760a3e364b2702d1402fe4dc6c7e0801824b02bd239c22
SHA512

355f1610e2ab20e86546ee748f2a596467ccf72610b3df258aa384a4da918a7794c43462449183ef1faa17d9193e8305c24c520253189d2d4ba54cfb32bdd289
SSDEEP

6144:k4GBTCX0LSFaEPsBjvraT/o/8qF3HfYakJNJC3EPDkv0niR6KeLsn/Rt3OLnIfS/:xdFBuEg0y3HApQ3EbkE/bwGzWzUlq7w

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Phija.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Phija.exe
unpack002/out.upx

Files

24f5ebdad00d567029760a3e364b2702d1402fe4dc6c7e0801824b02bd239c22.7z
.7z
Phija.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 760KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 529KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ