68ebb701c0de893232e01ae24713279e311b48c561e8d7c6dba4ce3d060e9391 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

68ebb701c0de893232e01ae24713279e311b48c561e8d7c6dba4ce3d060e9391
Size

15KB
MD5

13d25190288642594d0defa07c7017c0
SHA1

a31aad866d386c04fefa37c83f61dff99377e9ac
SHA256

68ebb701c0de893232e01ae24713279e311b48c561e8d7c6dba4ce3d060e9391
SHA512

040a89430e805fe0dd66fd15b58a134ff46f26ed296d4de203c81ae8142e5422b86abbe4f2fe2a0e40f96e7c9416df27e4ffc5936a3c3c773a32ceef7fbb84d8
SSDEEP

192:6s/vKxPaqt1aNtjNwoSgkxCLMUJjijPCUyK7ppZJQyo6j7KzAk0RdiaMahM975:PvQ/E2oNwqUDpZJDo2GzADRYafA5

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

68ebb701c0de893232e01ae24713279e311b48c561e8d7c6dba4ce3d060e9391
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Hookoff
Hookon
InstallService

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ