01632bb3872328698db07ea283bd103e2b820f7b488c905d47e3e08109d9accb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01632bb3872328698db07ea283bd103e2b820f7b488c905d47e3e08109d9accb
Size

14.3MB
MD5

535cf849fc763d8c0467a416567133f8
SHA1

a16314369a351e3f5e948a0257c05b588eeba825
SHA256

01632bb3872328698db07ea283bd103e2b820f7b488c905d47e3e08109d9accb
SHA512

0d9c6df8ad3d8b778c612cd01bf8c36677a5e94a7e34dd12c9931a765f0d9747b049cb75036168419382652abe4a745c2461f63b0cb99069079f5aaab70cd297
SSDEEP

393216:WtjAB4QSQa5qPSfgOovRwqCPNB904OtjAB4QSQa5qP:y84QSkqfbovRw9PNvK84QSk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01632bb3872328698db07ea283bd103e2b820f7b488c905d47e3e08109d9accb

Files

01632bb3872328698db07ea283bd103e2b820f7b488c905d47e3e08109d9accb
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 940KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma1
Size: 10.8MB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE