47d663e5a503da69f06b0e070442c36fb044ddb32b9c53a6e2a22e39d8935316 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47d663e5a503da69f06b0e070442c36fb044ddb32b9c53a6e2a22e39d8935316
Size

134KB
MD5

65908d71f9b31eeecb980aa87ecf5df8
SHA1

2612f110e874c9d29db2b778f73fe088e7ee4d78
SHA256

47d663e5a503da69f06b0e070442c36fb044ddb32b9c53a6e2a22e39d8935316
SHA512

037a63dd45c0e778c37d466dfd14c071739cf2aed2581dbcc95181e3ec49671a768f97aa0249ecd6f4dcb5313c2a8c95a7b560c37641b3c7d24f44ea19e87e23
SSDEEP

1536:rF0AJELopHG9aa+9qX3apJzAKWYr0v7ioy6paK2AZqMIK7aGZh38Ql:riAyLN9aa+9U2rW1ip6pr2At7NZuQl

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47d663e5a503da69f06b0e070442c36fb044ddb32b9c53a6e2a22e39d8935316

Files

47d663e5a503da69f06b0e070442c36fb044ddb32b9c53a6e2a22e39d8935316
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 64KB - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE