672fd66d5e6351b4a35d9d49ff5ed890N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

672fd66d5e6351b4a35d9d49ff5ed890N.exe
Size

900KB
MD5

672fd66d5e6351b4a35d9d49ff5ed890
SHA1

8bd8f043a2a0d261b9582c3ff02d7b00fa977d6c
SHA256

66c480860b854c7c3293c8b474b77fdbbf7781c4bde99d149a497431b5117ff8
SHA512

b593f4ae4192e7476e6749917eb3775e1e8a60bde756f8d9c967672e77e03f1718e4d7fd38a29fec7bbfe186634d40eb60fc51e97aa8aa7bfe9bf86e0a1f98fd
SSDEEP

12288:YEQoSpqhzchnW2r7FW731m1fF0EDlMWzEpukyxIjeiFwSX8naOdJ2iSaidn2kxTq:YizcooGASUEQkx6S+NDGnTdPiWeG6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
672fd66d5e6351b4a35d9d49ff5ed890N.exe

Files

672fd66d5e6351b4a35d9d49ff5ed890N.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ktlju
Size: 512B - Virtual size: 4KB

.wu
Size: 512B - Virtual size: 4KB

.shik
Size: 512B - Virtual size: 4KB

.nbd
Size: 512B - Virtual size: 4KB