ec43d1b21b5aa1f46ecf8d87d42b3512ef8ab1238dce21f957e4d2b7f48d199e | Triage

Sharing

General

Target

ec43d1b21b5aa1f46ecf8d87d42b3512ef8ab1238dce21f957e4d2b7f48d199e
Size

1.3MB
MD5

94a84716982065ee4cd63f9771c6f393
SHA1

2c85a761c0b08213ba51b0834fe5c2d91c829845
SHA256

ec43d1b21b5aa1f46ecf8d87d42b3512ef8ab1238dce21f957e4d2b7f48d199e
SHA512

597c63f0387a131ff92d0ed2862f3cb495159fa65418be92c89bc4fc32a0d6af485af5e4cdb429b0e8ee07b2147b769332813e9b8035edb4a7d6a2a44e6b833c
SSDEEP

24576:UlKUaRL9e2/tgjto4mop2S1Jdhegf2h/LyGOn25big2D:6iR7lKmq7dhBSLyGOnuig2D

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
ec43d1b21b5aa1f46ecf8d87d42b3512ef8ab1238dce21f957e4d2b7f48d199e
unpack001/out.upx

Files

ec43d1b21b5aa1f46ecf8d87d42b3512ef8ab1238dce21f957e4d2b7f48d199e
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 648KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ