59ff14e477e729821bdde1bc46737d7ef361e0e19aadac34b6dd869e7f88019e | Triage

Sharing

General

Target

59ff14e477e729821bdde1bc46737d7ef361e0e19aadac34b6dd869e7f88019e
Size

19KB
MD5

cc075c6dc920a1a1cae8d863171a60f1
SHA1

0a52dc86f9ed82403350e73a25a74a32bebf35b3
SHA256

59ff14e477e729821bdde1bc46737d7ef361e0e19aadac34b6dd869e7f88019e
SHA512

acc1d619434b269d63359dbc2531974a91b2d6ac15cd99197d29f62fc4b45edbecb18ea69dc5efcd0a9a3c85d83b803b5db2a827b1249cad88c7c58de19d167b
SSDEEP

384:saToxkB7ackZDdRrRLZ7ONm8422AQOHFY9KShPHixHVRAi7flShSSPfq:BR+jP9ZSTr2klmExtS9S

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

59ff14e477e729821bdde1bc46737d7ef361e0e19aadac34b6dd869e7f88019e
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

HHHH
InstallService
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode
UUUU

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ