324585931e87dd8d9b233a5abf091848daa18975e0f08f81f383efe793b35202 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

324585931e87dd8d9b233a5abf091848daa18975e0f08f81f383efe793b35202
Size

502KB
MD5

d29e8aa2ff30f6ed9db27757f970d622
SHA1

e1f4bc81cf3360fe9e0ff3c365c677edb5545409
SHA256

324585931e87dd8d9b233a5abf091848daa18975e0f08f81f383efe793b35202
SHA512

f2fbb7b8c424fd8fe3d25ec9c4d55799fde39981ef9bec4aac0295860d9a398e8da6495c499f32c232708d50a3fbbe586cf67bce087d6a07adf62ae268551840
SSDEEP

12288:XHT0lQIEy5RX925LzYul+iTYchPY2Jk9CMW/3RbvuO0oJ+KbLka:3T0lLEyI5LJ48YcBJWE3dDvzka

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/【草草】空间发表iPhone 6说说工具.exe	upx

Files

324585931e87dd8d9b233a5abf091848daa18975e0f08f81f383efe793b35202
.rar
【草草】空间发表iPhone 6说说工具.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 872KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 502KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 740KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
更多软件下载.url
.url
飘荡软件.url
.url