932ef3301623e4bb9cef4a3617434790N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

932ef3301623e4bb9cef4a3617434790N.exe
Size

296KB
MD5

932ef3301623e4bb9cef4a3617434790
SHA1

2726f3bf8ccec7da91e1561152fbd1f67b55067a
SHA256

cae9975de4f92d47c51d7e7f28367f471ce7a9a8994a9c555df6ff99885225cd
SHA512

e3386b4f2845da6cfce9ecacc03e8c447d273a1fb87c780e8baa036c5690c6be66c7b8a5c02ebce4e6857d5d0343ebb5ac24de99a22fc1281beff3128c6fe3a5
SSDEEP

6144:uuq1yy/pjnkWcLkONgMDGMHTiLCwKurwdaCAgLwUlJWXx:y1yc9kWc4u7DGMyCdhmrx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
932ef3301623e4bb9cef4a3617434790N.exe

Files

932ef3301623e4bb9cef4a3617434790N.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 53KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE