544cd5bf4d9c705c930969c648084fb64f3b77e97477518c7255ddea982239d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

544cd5bf4d9c705c930969c648084fb64f3b77e97477518c7255ddea982239d5
Size

5.7MB
MD5

87b2a78fcf202f2bff658770dc766b42
SHA1

06bc444e6cd05053549f632031fc864183fb8173
SHA256

544cd5bf4d9c705c930969c648084fb64f3b77e97477518c7255ddea982239d5
SHA512

b5f3e16c687b38d6524e8280ea75ed44dd335e24553a01e58cd4cf5b7ecc687c678a8f1147511456518cbbbb1a9737ec34055dc420a048be13d81b80f7548853
SSDEEP

98304:Ye5Iws9z+Xn778Usnv7uoNeX0+gvCCtaOWRAvMJOhaQUauXXSeEZYaUV/GiCEo4:Ye5IAXn74P7uk+MCXTE4ndXLaYacGiCw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

544cd5bf4d9c705c930969c648084fb64f3b77e97477518c7255ddea982239d5
.exe windows x64

Code Sign

42:17:a2:b6:07:09:12:af:4c:3b:63:4f:4c:da:75:98
Certificate

Issuer

CN=Free

Not Before

20/06/2020, 22:24

Not After

31/12/2039, 23:59

Subject

CN=Free

20:0e:70:22:1c:b6:0a:94:00:8f:48:8b:6a:42:a8:c5:e8:9b:ed:b3:f1:9a:6f:f5:5a:75:e8:f6:c3:4e:20:82
Signer

Actual PE Digest

20:0e:70:22:1c:b6:0a:94:00:8f:48:8b:6a:42:a8:c5:e8:9b:ed:b3:f1:9a:6f:f5:5a:75:e8:f6:c3:4e:20:82

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Free

11/05/2023, 10:11
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE