ca79146bb4ea649840cd1490d9bc596b04116c1cef29617177777ca8c144bad6N | Triage

Sharing

General

Target

ca79146bb4ea649840cd1490d9bc596b04116c1cef29617177777ca8c144bad6N
Size

986KB
MD5

3e07b88cf76e4b92437700e1d2d3d2d0
SHA1

3cec235554531902819b8bd4f1c916ded964c922
SHA256

ca79146bb4ea649840cd1490d9bc596b04116c1cef29617177777ca8c144bad6
SHA512

8cf55a29a5a96cbf2834807a1c3e23f3011314ab5414c4d13433278b1b99d58fc7912f4322a2005ea9d49262709e0b85efb572705f01e7eafc5096d19152f253
SSDEEP

24576:uyXQxgvboQzA/1qcfr02AGcGM0AwXJIy6JUPDhb00Baf6re:5XQoRTcfg2oGM6XJWeTe

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca79146bb4ea649840cd1490d9bc596b04116c1cef29617177777ca8c144bad6N

Files

ca79146bb4ea649840cd1490d9bc596b04116c1cef29617177777ca8c144bad6N
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

InstallPost
KillProcess
UnInstallPost

Sections

UPX0
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 914KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE