9bcffd97c576bfb3424e318f53818a20N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9bcffd97c576bfb3424e318f53818a20N.exe
Size

614KB
MD5

9bcffd97c576bfb3424e318f53818a20
SHA1

20178e03899bb6e948448716141350f9e06ea8b4
SHA256

c8585e7115c6bdd92e203497c088f4e17ad6015756e0a393327e9135c527d37e
SHA512

365e772fb545c582107d27885d28439ded7c1e72088d4d3f0dcdb2272774dfe1ec58dea0e3cb4b0b0f45023f172c44bcbb93029d49f725ad49e4de077d04b793
SSDEEP

12288:eBAsu/1OsCzbT7YebtN2rMFpouF0/DD0:LMzEgNPFpoz/0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bcffd97c576bfb3424e318f53818a20N.exe

Files

9bcffd97c576bfb3424e318f53818a20N.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

?EngineProc@@YGJHIJ@Z
?pro_cess1@@YAHHHHPAD@Z
?pro_cess2@@YAHXZ
?pro_cess3@@YAHH@Z
?pro_cess5@@YAHH@Z

Sections

UPX0
Size: 372KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE