38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846 | Triage

Resubmissions

03-08-2023 23:48

230803-3tkvcahg2z 10

25-06-2022 21:01

220625-zt7sbseab3 10

Sharing

General

Target

38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846
Size

293KB
MD5

0834595393a68716e6af02c86fed22c0
SHA1

a1226559a99cec3fb44ca57f7b5afd063d64f46f
SHA256

38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846
SHA512

8f4bf0615725b59b51b6d462f48aad96a3fb57d72747c587251396ddef0370e5f3615459e4884083f60c88bc12fd7a91d3fbbafced05f8194227bb6ea707acdc
SSDEEP

6144:pftVa3cs0EUsc+w52S2z10iYAtCxALslEtkGxcmRdgyuK/6l8ID4:RuvFUsn02SS/CKLsStnmmRdg18ID4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846
unpack001/out.upx

Files

38227cba098cf881b7ccb7cbce2228ac0aa4577894167cc6bbbfb5f3ca4cd846
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 255KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ