40bf487addcec57033a2eb8be9a31759df74b728ffe197c5a12e9aee0b8f4f39

General

Target

40bf487addcec57033a2eb8be9a31759df74b728ffe197c5a12e9aee0b8f4f39
Size

1.8MB
MD5

5c0fcd5e4aa637fc217211106ce74aed
SHA1

d29c569fb6f197130bea651c60167fe85232adc1
SHA256

40bf487addcec57033a2eb8be9a31759df74b728ffe197c5a12e9aee0b8f4f39
SHA512

57a7f29ef32680d057d555f31d9329163bbb7ee8ac33c12a376c7707d2aca242890063a0deff045302b2a1c06d56820cfd38955f69ee3c9b09a54efa635aabac
SSDEEP

49152:GtCTLn7sir4qzmYtjMvOQZjxi2lXYafnD+a6c97T:lTXs8lzftjM2QZjxtBYanioT

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/帝骏外传.exe	upx

Files

40bf487addcec57033a2eb8be9a31759df74b728ffe197c5a12e9aee0b8f4f39
.rar
帝骏外传.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 6.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

sJk`Zn/p
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

r)MskoCn
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

;KyXST7u
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

P'A>6lHq
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[!U!cAS8
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

onm%K5li
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eF/\'2p3
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

p-cH\tP/
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

+P`EVtV`
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
物品过滤.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 6.3MB

UPX1 Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 17KB - Virtual size: 20KB

Headers

File Characteristics

Sections

sJk`Zn/p Size: 1.1MB - Virtual size: 1.1MB

r)MskoCn Size: 4KB - Virtual size: 4KB

;KyXST7u Size: 33KB - Virtual size: 33KB

P'A>6lHq Size: - Virtual size: 24KB

[!U!cAS8 Size: 15KB - Virtual size: 14KB

onm%K5li Size: - Virtual size: 64B

eF/\'2p3 Size: 512B - Virtual size: 24B

p-cH\tP/ Size: 3.5MB - Virtual size: 3.5MB

+P`EVtV` Size: 3.3MB - Virtual size: 3.3MB

UPX0
Size: - Virtual size: 6.3MB

UPX1
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 17KB - Virtual size: 20KB

sJk`Zn/p
Size: 1.1MB - Virtual size: 1.1MB

r)MskoCn
Size: 4KB - Virtual size: 4KB

;KyXST7u
Size: 33KB - Virtual size: 33KB

P'A>6lHq
Size: - Virtual size: 24KB

[!U!cAS8
Size: 15KB - Virtual size: 14KB

onm%K5li
Size: - Virtual size: 64B

eF/\'2p3
Size: 512B - Virtual size: 24B

p-cH\tP/
Size: 3.5MB - Virtual size: 3.5MB

+P`EVtV`
Size: 3.3MB - Virtual size: 3.3MB