790a8cc7bb1f24ebe6e4161791a538b35700a0704c409800415d8b6a5f9b9e60 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

790a8cc7bb1f24ebe6e4161791a538b35700a0704c409800415d8b6a5f9b9e60
Size

776KB
MD5

312afca891eddd9d2379bd8803d12037
SHA1

3a9a9e0c28cfdeb287196d3c08ceed6807d792db
SHA256

790a8cc7bb1f24ebe6e4161791a538b35700a0704c409800415d8b6a5f9b9e60
SHA512

0a7488433b546691b2de70b8fe5d9405a9b63a5569b8cd036df5dc9bd964ca0abf129cd4331ed6d7fdf98360a54eacab20aba7db37fe2b0eef58ec2c77140638
SSDEEP

24576:Y97b+t+/aXMiy+ueLwUIFOCTaTLBfhr7lr5:nXhpxLw/Xo9Jrp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
790a8cc7bb1f24ebe6e4161791a538b35700a0704c409800415d8b6a5f9b9e60
unpack001/out.upx

Files

790a8cc7bb1f24ebe6e4161791a538b35700a0704c409800415d8b6a5f9b9e60
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 759KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 480KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ