aa9487c8f4aa8c606063c2d45e716278146f5379f850f0500c2982d962153634 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa9487c8f4aa8c606063c2d45e716278146f5379f850f0500c2982d962153634
Size

29KB
MD5

8455d69e9ffc4415b77d3bfcb584da90
SHA1

95fe22202ee0e0389ad2bf095c84eca77792cbcf
SHA256

aa9487c8f4aa8c606063c2d45e716278146f5379f850f0500c2982d962153634
SHA512

30014cfee27c442dd45a5917ad10aaa38b54f7432b2f4814d85433a39fe4255cc70ee82c8b9ff9620ff5b604fcb1917fd2a375a7e1245c7cee77efcddc1a6f5c
SSDEEP

768:tJ9t1FOHCUQwS4J/prAnigbb3Y8JFt+o2iPeuNq32KhcQXxm:fD1FOTprM7g8Jv+Rii3fdXxm

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

aa9487c8f4aa8c606063c2d45e716278146f5379f850f0500c2982d962153634
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

module_get_abi_version
module_get_api
module_get_info

Sections

.text
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ