f06c3491438f6685938789c319731ddf64ba1da02cd71f43ab8829af0e3f4e2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f06c3491438f6685938789c319731ddf64ba1da02cd71f43ab8829af0e3f4e2f
Size

59KB
MD5

fa360b7044312e7404704e1a485876d2
SHA1

6ea4aad0692c016c6b2284db77d54d6d1fc63490
SHA256

f06c3491438f6685938789c319731ddf64ba1da02cd71f43ab8829af0e3f4e2f
SHA512

db853c338625f3e04b01b049b0cb22bdaed4e785eb43696aeda71b558f0f58113446a96a3e5356607335435ee8c78069ce8c1bcdb580d00fd4baacbec97a4b6a
SSDEEP

1536:OGd2xRPNLaGFQFjd9MuC8Hj0Lm3Uqy7OI1LPZV7SyVx1w5:FMxVhFyjd9MSmCxyKI1LPZV85

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f06c3491438f6685938789c319731ddf64ba1da02cd71f43ab8829af0e3f4e2f

Files

f06c3491438f6685938789c319731ddf64ba1da02cd71f43ab8829af0e3f4e2f
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
PyInit__ctypes

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE