d9dc059243b7cd6b38a3aef24f7b452f6bb502ee73252d921a3109d5263c61e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d9dc059243b7cd6b38a3aef24f7b452f6bb502ee73252d921a3109d5263c61e8
Size

231KB
MD5

dc4af738576735dd143fea311b765ae1
SHA1

3712b2967cfc97741ba05ac7fa56f91a9174803d
SHA256

d9dc059243b7cd6b38a3aef24f7b452f6bb502ee73252d921a3109d5263c61e8
SHA512

eca66dfd17a8fb480a9255a910e59006ddcdd35662d5c88838a67f16e73eef624b8c0d5b7fe6a2bccfb997a2034c2fd8ac539ac401921043cdefe6d3e087b619
SSDEEP

3072:h76+sYX+bTOybVJJhk6BoUDReZgbUP3A4zLh62xOgWoutQJnRpgPv:hvs8+WeVJQ6CUDRe+UPAY0G8oSauPv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9dc059243b7cd6b38a3aef24f7b452f6bb502ee73252d921a3109d5263c61e8

Files

d9dc059243b7cd6b38a3aef24f7b452f6bb502ee73252d921a3109d5263c61e8
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

Extract
ExtractWithCallback
ExtractWithDetails

Sections

UPX0
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE