cf851ff5dda3289323c0e23ab7e70b8853fe35b8c570b27d7fc7ae327e45a1d8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf851ff5dda3289323c0e23ab7e70b8853fe35b8c570b27d7fc7ae327e45a1d8
Size

97KB
MD5

6aee71020bb244aab00139b547a31f0d
SHA1

b68ade2ccaeeb0f20ee45f573dc1a04ebaf91a22
SHA256

cf851ff5dda3289323c0e23ab7e70b8853fe35b8c570b27d7fc7ae327e45a1d8
SHA512

ad293b4d2fcdb1d98704db3824a0f045e7010d9092c3a250fe3cd07f788a28aee2ef1b9d007bc932f4a730b4d2afdaa6f4ff4f88ee8d5b83d63cc587f9267db1
SSDEEP

1536:AsA9mYfvc64WptzNboDlOZezVhHN0tu+Pk4dSFFCFVqncUWbC0JR1gu1vd:AsmfvyWTzp/epRN0tMYm0j1D1l

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/ppi.exe	upx

Files

cf851ff5dda3289323c0e23ab7e70b8853fe35b8c570b27d7fc7ae327e45a1d8
.cab
RESHAD~1.EXE
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 344KB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
ppi.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 224KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE