df7d0af102046d130150e361ddb912f1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df7d0af102046d130150e361ddb912f1
Size

40KB
MD5

df7d0af102046d130150e361ddb912f1
SHA1

2bc0f117b2c165cdcede0190f0cd7d13b5d2ce28
SHA256

90218a235eb1cb35000a235f4fd35aa2ab7eff95f1e9d898169a6e4519607662
SHA512

8057336eafcda3f174d61b1641ad7b4ceed16585a13d925b1a9e7fde7bce2d3e461a8082179667e0730a62ea5ef528064b959038071772f882bc8086a3f9bdc4
SSDEEP

768:4XHlofAC4nCAtwa/yDZVyq/hEO5M+KyXy/nAmXc9TzVC+Mgq9XDC0Q2:MCMdCa/OVjrLEAQazVC+MgqJO0Q2

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/document.com	upx

Files

df7d0af102046d130150e361ddb912f1
.eml
document.com
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-plain-1.txt