3e5c0f55613c2cceba54b5e744ea563693b42a7cd5458377139757ae89c4aa86 | Triage

Sharing

General

Target

3e5c0f55613c2cceba54b5e744ea563693b42a7cd5458377139757ae89c4aa86
Size

569KB
MD5

a121a6a338ae866693b75340bbd8b70a
SHA1

cfdf6549a40e5e967d01cb2f3d05ff17d3a5f24a
SHA256

3e5c0f55613c2cceba54b5e744ea563693b42a7cd5458377139757ae89c4aa86
SHA512

aac67468b71e5dd5c02a74db5ef058c623212a47960317f32f6803002350fa9b82348dd47bd0ad60be56aee49dbe92437bef70d4dda29dc6e881197b50d50e61
SSDEEP

12288:ErCQ/TvWLcQBb4bye/et7+hm6Jb7zPuC:c4F2NeF+hma7z

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e5c0f55613c2cceba54b5e744ea563693b42a7cd5458377139757ae89c4aa86

Files

3e5c0f55613c2cceba54b5e744ea563693b42a7cd5458377139757ae89c4aa86
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

?EngineProc@@YGJHIJ@Z
?pro_cess1@@YAHHHHPAD@Z
?pro_cess2@@YAHXZ
?pro_cess3@@YAHH@Z
?pro_cess5@@YAHH@Z

Sections

UPX0
Size: 352KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 197KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE