f8bedc352a3c0b08c4201abdc3e6b77738e5e9d557a80b81d6b62fe79202ac32N | Triage

Sharing

General

Target

f8bedc352a3c0b08c4201abdc3e6b77738e5e9d557a80b81d6b62fe79202ac32N
Size

582KB
MD5

c39882a82667892cb5dacbc63d97b720
SHA1

7bc008e8c62fac4e9782f7e29a3ea561acbf9d89
SHA256

f8bedc352a3c0b08c4201abdc3e6b77738e5e9d557a80b81d6b62fe79202ac32
SHA512

a96c03ba3fa1d5e36a3f57dda682f2cc4546d8153e037f27589bb0ca5d1408cb00351511d96d1089101bdbbe7436146760d3fda3740a73cbeb19039926d3d90e
SSDEEP

12288:QplrVbDdQaqdS/ofraFErH8uB2Wm0SXser5FU:sxRQ+Fucuvm0as

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8bedc352a3c0b08c4201abdc3e6b77738e5e9d557a80b81d6b62fe79202ac32N

Files

f8bedc352a3c0b08c4201abdc3e6b77738e5e9d557a80b81d6b62fe79202ac32N
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

?EngineProc@@YGJHIJ@Z
?process1@@YAHHHHPAD@Z
?process2@@YAHXZ
?process3@@YAHH@Z
?process5@@YAHH@Z

Sections

UPX0
Size: 330KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 188KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE