1f34c569ab17c896b65ca17bfa90217bad1a993e466ab1f7d85d4877a5eb6679N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f34c569ab17c896b65ca17bfa90217bad1a993e466ab1f7d85d4877a5eb6679N
Size

55KB
MD5

215337717388ff395c54670f650147d0
SHA1

d59f2b76c48df8858ddc8b5edd4f0b047b2b9452
SHA256

1f34c569ab17c896b65ca17bfa90217bad1a993e466ab1f7d85d4877a5eb6679
SHA512

2cff1d5026f5ef50c29506205080c8df7125a235fa73d9d4359d52a0362073344446f0559ef454bd11a5009c96e90e2ecbbdc7902109d5d9bdb7154f15e19b98
SSDEEP

768:8Xudq8Nxh5VCtjaGWs0wKcnBPsWjYbuqw+:8+5ro2n4P3sdw+

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f34c569ab17c896b65ca17bfa90217bad1a993e466ab1f7d85d4877a5eb6679N

Files

1f34c569ab17c896b65ca17bfa90217bad1a993e466ab1f7d85d4877a5eb6679N
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DivxDecode
Hookoff
Hookon
InitializeDivxDecoder
SetOutputFormat
UnInitializeDivxDecoder
ftsWordBreak

Sections

UPX0
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE