38e00c9711bed2817a339f2f31331aff228890741a92bcc55dfe29cb2cc4d0ef | Triage

Sharing

General

Target

38e00c9711bed2817a339f2f31331aff228890741a92bcc55dfe29cb2cc4d0ef
Size

12KB
MD5

67b9d09134d7df3e3dd1ee35f60a6d4d
SHA1

45eda1306d62b6799d1ba8baca1be2afae2a9e95
SHA256

38e00c9711bed2817a339f2f31331aff228890741a92bcc55dfe29cb2cc4d0ef
SHA512

da5a8105156a87dd677894a5f73a000329c08106af2477b3052b780c3c8523b244725aca690d1490590e24c3bb0bc0efa5a37e19fb3d737af468862223c60b6e
SSDEEP

384:9hF6VogOxpjamJoww60CCdUiSA/Xf8ygIJx7ShE:rES9jDql7XZgIum

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

38e00c9711bed2817a339f2f31331aff228890741a92bcc55dfe29cb2cc4d0ef
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

KsCreateAllocator
KsCreatePin
KsCreateTopologyNode

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ