5ab5c16e7c77e518eb00b2e99232b490N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ab5c16e7c77e518eb00b2e99232b490N.exe
Size

609KB
MD5

5ab5c16e7c77e518eb00b2e99232b490
SHA1

2afda50ad113917c3063b6b6e5df6af2c78b7152
SHA256

27a34f0d36444d776ec9329ef20e670db8922e85da91971f7cf66feca2a3dc39
SHA512

73607a5a9d9fb7a2bc85cdbcf1db8970879882963a6bc5c7cc3c3c5b6dd60ecb8a40bab8c6df8050c7e2bcf6243b7289cda81d4afff2b68e85d83745c7532a6c
SSDEEP

12288:SBAsu/1OsCzbT7YebtN2rMFpouF0/DD0:fMzEgNPFpoz/0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ab5c16e7c77e518eb00b2e99232b490N.exe

Files

5ab5c16e7c77e518eb00b2e99232b490N.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

?EngineProc@@YGJHIJ@Z
?pro_cess1@@YAHHHHPAD@Z
?pro_cess2@@YAHXZ
?pro_cess3@@YAHH@Z
?pro_cess5@@YAHH@Z

Sections

UPX0
Size: 372KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE