5c6547a711675f9af9fbb98ec0de129e1c2a9a96ecaa7d4dc361604c6027123c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c6547a711675f9af9fbb98ec0de129e1c2a9a96ecaa7d4dc361604c6027123c
Size

10.8MB
MD5

a5f6b817a4959a6bd31e172f6140a803
SHA1

2cfa304724b97896b342c4747d3e69571f88c382
SHA256

5c6547a711675f9af9fbb98ec0de129e1c2a9a96ecaa7d4dc361604c6027123c
SHA512

2af0149a59e6f37840711993558d8728d9115d3d0a13387edab9049895d32d9b6d3c832083cec320be6ef0ec6d47a24e9f76e6e3bfd1d80ed28a6dee265a2636
SSDEEP

196608:Gb9MmLUeqSiAZp21cMczBmoVypBKkxGfyPDcSMOtfRPPKlr5r1yI3XNqoe3l8oxb:Gb99IJSiO26sRikxGfyPgxDltMoe18ov

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c6547a711675f9af9fbb98ec0de129e1c2a9a96ecaa7d4dc361604c6027123c

Files

5c6547a711675f9af9fbb98ec0de129e1c2a9a96ecaa7d4dc361604c6027123c
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 255KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
__main__.pyc