f379ca7549e6d10bde40a50d197d6c010a1b90237b615e7d3c0029fba577f246 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f379ca7549e6d10bde40a50d197d6c010a1b90237b615e7d3c0029fba577f246
Size

784KB
MD5

120d0e66ef42814d4ddf20148a91c9c0
SHA1

2677841c9d739f3ad9bf9dee2f6136a299a1396a
SHA256

f379ca7549e6d10bde40a50d197d6c010a1b90237b615e7d3c0029fba577f246
SHA512

88c702af0e5ed9f4c8c61520c164afa4a3d71077fa3769e8a832e86b9f935204698e5d156f14d639b3f5af7d6610f6df8db95757fe1708071c6331c0cad3576f
SSDEEP

12288:+0Q6YPYu2ZAyIc+6QFz2XrKjMdnY0w529WBmw1mCcmX4wajiegC4H5NVe3R1CwcR:+0Vq2jQ3MBJnFqVpX4djXn4ZNV8AyUL

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

f379ca7549e6d10bde40a50d197d6c010a1b90237b615e7d3c0029fba577f246
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 669KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 404KB - Virtual size: 639KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ