6eabeb4e12488984a2fe1a6f0a7f4b0ba40d8d89bbc86baa6b8c7f9d5e70d059 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6eabeb4e12488984a2fe1a6f0a7f4b0ba40d8d89bbc86baa6b8c7f9d5e70d059
Size

1008KB
MD5

0732f796b3c2cdf6c595509c2f9aa0c7
SHA1

04f2c027f0cb42395c4cb4b17a9b0e652d9067ef
SHA256

6eabeb4e12488984a2fe1a6f0a7f4b0ba40d8d89bbc86baa6b8c7f9d5e70d059
SHA512

dc731aec58847986b3fce874740305a98fb96a559f0b805f1b7d31bc17354b3fde3f22ad5f743664a65fecae4b4f593a79b548bbcd28ef328e14e8201934ec41
SSDEEP

12288:me9/HGOJJ3IU87VOB5uBlMJkXuertzD3lS0A8NbRoSc:meNHGqJ4UZklOkXJrJD1FNbY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6eabeb4e12488984a2fe1a6f0a7f4b0ba40d8d89bbc86baa6b8c7f9d5e70d059

Files

6eabeb4e12488984a2fe1a6f0a7f4b0ba40d8d89bbc86baa6b8c7f9d5e70d059
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

Close
Handle_main
Open
Send
TIM�Ƿ��
�ر��еĴ��
Ⱥ��Ա��2

Sections

UPX0
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 304KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE