bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf | Triage

Sharing

General

Target

bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf
Size

40.0MB
MD5

a7520ab8d474b169f7d70171bf1d6933
SHA1

f926802027e1290fd9df9077461697a99864ba37
SHA256

bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf
SHA512

425121d7055dd45561082dd9c481011d8f92ba49922ae265d47781f9687f4622230fc5e4624e2f26dd8e8eef8f89245dc8e5238a331495b6523f7cbf7936c6c9
SSDEEP

786432:o4/5sR5CrChHtkpuqFbF5kPi0x4+xpQa8dDt+IHHlhlDzQLGbusoDGkBltvl5FZu:o4/5sOrOCpusF5oi0x4DdI2rlgKQlFv9

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

Files

bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 359KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39.6MB - Virtual size: 39.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39.6MB - Virtual size: 39.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ