General
Target
_190969.exe
Size
20.4MB
MD5
251677a82493d3e405138bab8e0da749
SHA1
b38f1c9f516bdf9775da626b242cd7bd72d127ba
SHA256
690f694499031f3c6472f273386321ce1da5168917516b91ec12b2c639cfab42
SHA512
4730090d2c686639d3174ff5dbf2c851a91ad8ed1efd0766243063b40427dae409a504e19259a65982aab3eb15283c02d7e545cf10990f0db95eadb3dbcd3871
SSDEEP
393216:VZTm8LWK7gmYmzQfeL35gbwLzR06e/mJzHbnw6i:VZTlW6gmYmzQfSdG6e+VHbnw6i
Malware Config
Signatures
resource yara_rule sample upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource _190969.exe
Files
_190969.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 53.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 17.2MB - Virtual size: 17.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE