395064ed183a2dc315d97f17fa7aaaabdf62e3c65107e896239230b0cd349bd1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

395064ed183a2dc315d97f17fa7aaaabdf62e3c65107e896239230b0cd349bd1
Size

559KB
MD5

f57ddf77d082106b67570930dfe2d6b5
SHA1

3d4b720a523fe240980d7f1cf955b111668cc9d8
SHA256

395064ed183a2dc315d97f17fa7aaaabdf62e3c65107e896239230b0cd349bd1
SHA512

f2a0edac9827e65479de36748652d7f48acb0dcc8733b02f24cc5f890d200167bd026a5d2812dfba5200208b9631c6d6d63641b7ef51d6eaeee4c4ae28706bae
SSDEEP

6144:SJV10cTrk/mWVqwvzJR6QLW4/ih5QDyU+FM8cEOkCybEaQRXr9HNdvOaZm:at+aQa4/cQDy06Okx2LIaY

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
395064ed183a2dc315d97f17fa7aaaabdf62e3c65107e896239230b0cd349bd1

Files

395064ed183a2dc315d97f17fa7aaaabdf62e3c65107e896239230b0cd349bd1
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 268KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE