b75ad294f0f1af16ba22bcb4ca643e06b5e97de030326a59bb1c7be258fac964 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b75ad294f0f1af16ba22bcb4ca643e06b5e97de030326a59bb1c7be258fac964
Size

2.4MB
MD5

da8280b7d556578730d19b0669f52768
SHA1

7dc7566e2c6e08ea2ff677ab468f241af39e58d5
SHA256

b75ad294f0f1af16ba22bcb4ca643e06b5e97de030326a59bb1c7be258fac964
SHA512

676ae3c8149ba276305391e497a87d75a533ee36f4b83905b376abb2c47c2defed3f1ba2afdeedeaed708d55e1d6c80e440e822fc353a30effbad72a4b41aa01
SSDEEP

49152:IRjm+Y9hCfM5wG3SGIx2f+yltjhueW46oV5i5f0uTGigO2Sy0Sx35f0j+UENLVX+:G1Y9hCfM2GJXvj6oV5i7l290SJ5sjNw4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b75ad294f0f1af16ba22bcb4ca643e06b5e97de030326a59bb1c7be258fac964
unpack001/out.upx

Files

b75ad294f0f1af16ba22bcb4ca643e06b5e97de030326a59bb1c7be258fac964
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 880KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

6kj7u8ty
Size: 579KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ