d16fb66a8fd2177425b1a992fcfad742562b740c3800729a7fffc48ddbc2b058 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d16fb66a8fd2177425b1a992fcfad742562b740c3800729a7fffc48ddbc2b058
Size

17KB
MD5

aee75b75887415cf55acfab3d1854a4a
SHA1

6eb8efdace35496f22f7bccbb34aecfcf7bde5bd
SHA256

d16fb66a8fd2177425b1a992fcfad742562b740c3800729a7fffc48ddbc2b058
SHA512

6800a5890a90638195229e580fd9147439c329be7202492db3eccf9a5931254204ba82a4b1b4807d544b68526d531e6addbb6b8f6e9d2cef12d0384fcfafacad
SSDEEP

384:nfaq68akYT4pgbXGBXVknq/0p/A7aCtJOLW2K/AFghBzLpyqK9b5+:fF1bp7XVCggudtJOLW6MptyT9bg

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

d16fb66a8fd2177425b1a992fcfad742562b740c3800729a7fffc48ddbc2b058
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Hookoff
Hookon
InstallService
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ