59c19426f48010206716ab6d27586848074c764bdef6c90f2dffbaed91ac864a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

59c19426f48010206716ab6d27586848074c764bdef6c90f2dffbaed91ac864a
Size

225KB
MD5

238bff9fbea0874754ea48b195c0d303
SHA1

b404edc9d3facb95218e9cd394419812ba96774a
SHA256

59c19426f48010206716ab6d27586848074c764bdef6c90f2dffbaed91ac864a
SHA512

51a1903ec64203910fc9afe5d745d6b00e08ee39f7666dcac2affcd27329ab695560630e73a36549b48a197b6c423fc1a2b4057de543fa38856176a4cda23b10
SSDEEP

3072:vDDO1Z/u/pls/0Q8jVn4zVqjhePFAAtsnJby2ygNKZc5g7bAiflSYQKn6YacaKIE:LDO7/GpS0Q8HheRy7ygNbg7bbUYN6ja

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/GEHT.exe	upx

Files

59c19426f48010206716ab6d27586848074c764bdef6c90f2dffbaed91ac864a
.cab
GEHT.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 200KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 552KB - Virtual size: 551KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ