624d9ebe218faa06c27e0f101f41c023b20706a29e3d888078fc9e8aab05e153 | Triage

Sharing

General

Target

624d9ebe218faa06c27e0f101f41c023b20706a29e3d888078fc9e8aab05e153
Size

578KB
MD5

97264ca263610d4317be78f3fbf601c4
SHA1

b70d14920eb42cf54ab3f1b3b325ca4a19c8f2e8
SHA256

624d9ebe218faa06c27e0f101f41c023b20706a29e3d888078fc9e8aab05e153
SHA512

e50c58091b61262eab169f604ee4f0ad4a1d3ef10b2c94e65012238b0bb74358302c6ddc67a3ca19592b5cf95217c12a97372dc8c488f06e94ca46dd4e450b3a
SSDEEP

12288:a8w1kRwQssQr0PZCHojWSJfXisgnOTe4VTQhbejiLEraPT:a8pRwQssg0hiojjfSsgnOTVhQhahraPT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
624d9ebe218faa06c27e0f101f41c023b20706a29e3d888078fc9e8aab05e153
unpack001/out.upx

Files

624d9ebe218faa06c27e0f101f41c023b20706a29e3d888078fc9e8aab05e153
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 912KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 466KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 636KB - Virtual size: 633KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ