7587203bff65dc6f596398e53bed21ffbef03af65f8d58d8c85cbc26fe0f8808 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7587203bff65dc6f596398e53bed21ffbef03af65f8d58d8c85cbc26fe0f8808
Size

182KB
MD5

1ad6cb85c3ea1dcc6144ea8e4ecd39e5
SHA1

1f539eff83de4898681195fdf7c5b9d1e76ca702
SHA256

7587203bff65dc6f596398e53bed21ffbef03af65f8d58d8c85cbc26fe0f8808
SHA512

87f71b6b39ebb26eca353aa801d660a62305238535fa5249dfb686aaf263913774b999a4e2d6a03215761698bd1d53f56059c32ce8656db135a745f1b9c94f9e
SSDEEP

3072:v2vTIyAjtVTNaPAm51VEa8vS3z2INr8lx5zhb2cLKK/6mRa+vmrpg4u8I:UI1jPTNQ/Vl6S3CIYVScLKK/6mRa+vm6

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

7587203bff65dc6f596398e53bed21ffbef03af65f8d58d8c85cbc26fe0f8808
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 485B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ