f7596484d1696a176044e6ac369c835e0308457e33f6b54af2df6e328a3e90c1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f7596484d1696a176044e6ac369c835e0308457e33f6b54af2df6e328a3e90c1
Size

49KB
MD5

4666d0eaa79b013bda1db249c0f612a8
SHA1

e9b61c607fc8e361306dc6a82ab46cf78f6d39c4
SHA256

f7596484d1696a176044e6ac369c835e0308457e33f6b54af2df6e328a3e90c1
SHA512

8c85ddaea6bd2a0c8dcbe3dd65094ccbbab6cb99a86a9fc4f7a6aec5a5e77e8fe32fa2e9dc2c81692ffab00c6a11c9f80d1599f649e06535c8f49039d8c9c104
SSDEEP

768:PK6ANYW9TJFS3rVLds+HVXX6RulgmfsuD21GkYTYYYR5SYqumWJuC/INWB/N50VB:S6ANYaFS3JLdx5oMvxGECgQ/N50Vtf

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

f7596484d1696a176044e6ac369c835e0308457e33f6b54af2df6e328a3e90c1
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ