fbfb3686dd9b884feb2f797842c9b14eeb0566c92edc258f7f2077d2b33784c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fbfb3686dd9b884feb2f797842c9b14eeb0566c92edc258f7f2077d2b33784c2
Size

112KB
MD5

897c2a3281686d869037ed00c9489acf
SHA1

b6550f2f68499da656f8867a05638d6af3b5eea6
SHA256

fbfb3686dd9b884feb2f797842c9b14eeb0566c92edc258f7f2077d2b33784c2
SHA512

9a3bd2e3e59990baeeae8d96294e29952bab80682ae5a76f463fa8490ec49cb2c31b110951b088400a253d227de73621704c1efe0d44fa4a576a827dd3c0f5b0
SSDEEP

768:TKEBUUC151Npquv3Rn4KE7pRnbcuyD7UYE:moU5bLpXRxMnouy8D

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbfb3686dd9b884feb2f797842c9b14eeb0566c92edc258f7f2077d2b33784c2

Files

fbfb3686dd9b884feb2f797842c9b14eeb0566c92edc258f7f2077d2b33784c2
.exe windows:4 windows x86 arch:x86

3dcbc7d0ae83594aee771cb6c6621c0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord696
ord697
MethCallEngine
ord518
ord667
ord593
ord594
ord632
ord525
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord716
ord717
ProcCallEngine
ord537
ord644
ord681
ord100
ord616
ord619

Sections

UPX0
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE