f0b7949abf0d0962e30a8f77bcd61d6250945cc5e31bc44fe50bb7a998894fc4 | Triage

Sharing

General

Target

f0b7949abf0d0962e30a8f77bcd61d6250945cc5e31bc44fe50bb7a998894fc4
Size

7.1MB
MD5

ceb10d88e61945cd31c437371bbc6a2b
SHA1

4fec589ab4fe9120e55ca2f5f42e062ac5f76306
SHA256

f0b7949abf0d0962e30a8f77bcd61d6250945cc5e31bc44fe50bb7a998894fc4
SHA512

9050d9ce4df026a334e859f04e5e449707bd47c265190f93dcb5ead0b88c0babc0923f0996a3163a14fd2250efa5f52e847930977f56b3d2b8e283d82829ed10
SSDEEP

98304:HKotGRiDgQ9u30CBlFnBA+BQUtPe6Fy/TAQaKt:HK/3Hu+6gk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0b7949abf0d0962e30a8f77bcd61d6250945cc5e31bc44fe50bb7a998894fc4

Files

f0b7949abf0d0962e30a8f77bcd61d6250945cc5e31bc44fe50bb7a998894fc4
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

Cus_�ò��Ŀ¼
Storage_��CookiesJson
form_get_object
form_yisin_qq
ȡJQע��ص��ַ
��JQע��ص�
��ӿ��̨�ص��

Sections

UPX0
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE