ef21910e26497c37e8a42bd3129c18a0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef21910e26497c37e8a42bd3129c18a0N.exe
Size

980KB
MD5

ef21910e26497c37e8a42bd3129c18a0
SHA1

d7721b811e5794f5029bdac69a41b7c32a4ed4f5
SHA256

1cae111323cc9faa2fdbedf75a7c45f57bc2f0058abf403c69e12cc4c15f9c26
SHA512

c82785a61f2e792bef59d7b0b6fc4a2f36b1dc2266a4d657783ee996e10fb1befa750c3c88434ad5a89032c2dbf565342c64209c0536d63c3906b579f807b3b2
SSDEEP

12288:iDHmoniNy8L8g4RgoBO8/2vhDX16T9oSMh:iClNB8gggoBO8/2vZ16TA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef21910e26497c37e8a42bd3129c18a0N.exe

Files

ef21910e26497c37e8a42bd3129c18a0N.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE