4a444468034001bf24dbced79c60ee40N[.]exe | Triage

Sharing

General

Target

4a444468034001bf24dbced79c60ee40N.exe
Size

611KB
MD5

4a444468034001bf24dbced79c60ee40
SHA1

0d80b7a085068b8f9224f1d6f1e3e9d74ba1ae18
SHA256

3d1da79f981694da75e7435a4577381233434592dab00a872d787533e1d42a4f
SHA512

425daf78d9957ef7187725a9a14179971315ea874c3564b019328dfd02f4b60190e7940519586422e5ab8cdc55d6c3aa8ebd3dfb64fbbbb582b6242af7940f4a
SSDEEP

12288:IBAsu/1OsCzbT7YebtN2rMFpouF0/DD0:ZMzEgNPFpoz/0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a444468034001bf24dbced79c60ee40N.exe

Files

4a444468034001bf24dbced79c60ee40N.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

?EngineProc@@YGJHIJ@Z
?pro_cess1@@YAHHHHPAD@Z
?pro_cess2@@YAHXZ
?pro_cess3@@YAHH@Z
?pro_cess5@@YAHH@Z

Sections

UPX0
Size: 372KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 156KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE