a8862db02301b89c12b793c983354f3ebeb4dbf326430056cb2b98c6ee20db92 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a8862db02301b89c12b793c983354f3ebeb4dbf326430056cb2b98c6ee20db92
Size

4.1MB
MD5

efb37c0a2fc3be9874e4e8b49ba39107
SHA1

ea378ad5146477fef5cfe3086b4589226bc63629
SHA256

a8862db02301b89c12b793c983354f3ebeb4dbf326430056cb2b98c6ee20db92
SHA512

c8b372b46d2318c9fa62133dc4d377fb198455e620207803c1fa830b19285abb281767dd990466f4295e0aac4d89462376869a6caef1ed9ae0fdc848f7c8e20d
SSDEEP

49152:1OxBuFrBuTpArlD8C5n1O9odQnPwrD398luLB3gqEwv:UWwTa5DZ1O9om4rD398MLBD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8862db02301b89c12b793c983354f3ebeb4dbf326430056cb2b98c6ee20db92

Files

a8862db02301b89c12b793c983354f3ebeb4dbf326430056cb2b98c6ee20db92
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 738KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 266KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 215KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE