fd85a77b1322ab368cd2e8702cdbecb0N[.]exe | Triage

Sharing

General

Target

fd85a77b1322ab368cd2e8702cdbecb0N.exe
Size

400KB
MD5

fd85a77b1322ab368cd2e8702cdbecb0
SHA1

392848b6b67a19e2aed417b2c472cbe1ab5e3d8e
SHA256

da359c2f4625fcff92e0e8eca9517110b0279957aa0bf9198c9cc34053cebac5
SHA512

10e55b4069818cc1c45edbd14460d8b14aed4b558e431d107c708f7fdfe3daa30b9d843b981de5306aae216f78f70a616f2396e8dc349dd4ca8f5736e7071672
SSDEEP

3072:fDNcIFN3tw4QfwmAOMe6UJbVM/vkA9OQzY6eCFs5Juh2v19hlDcfbEdp7uxEo+9l:LJigOTJXYOaFs5Juh819hqkuGh2LeyI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd85a77b1322ab368cd2e8702cdbecb0N.exe

Files

fd85a77b1322ab368cd2e8702cdbecb0N.exe
.exe windows:4 windows x86 arch:x86

ec93d43ff758b5de7005a039a7bf80b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord697
MethCallEngine
ord628
ord661
ord662
EVENT_SINK_AddRef
DllFunctionCall
ord563
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ProcCallEngine
ord100
ord546

Sections

UPX0
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE