20bf1e88b057930b13759a2eeb1e1910a83b9ef5c8b65c7206254e0f1abb6113 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20bf1e88b057930b13759a2eeb1e1910a83b9ef5c8b65c7206254e0f1abb6113
Size

1.3MB
MD5

40b71705cb8059335a510c1ff2c02906
SHA1

e6e31b94dd75b5d3b3916ea767e3b3d9c39d9999
SHA256

20bf1e88b057930b13759a2eeb1e1910a83b9ef5c8b65c7206254e0f1abb6113
SHA512

c280ccbfaaffe2d3bd3f8ff726a76ed51ba03856400ac2d10cedbfb54cb655d52a99a0938d0725eeebeeebe095950c8e7fef1215d5b63ba005ef6d4654ed24ac
SSDEEP

24576:dua7eslYBXjTIYA72SCa1Kn2ZoYCKMmbAi9moN9nE9YrPT9YO9azS:EXBXI9qSgMCEf9Ny9KYzS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
20bf1e88b057930b13759a2eeb1e1910a83b9ef5c8b65c7206254e0f1abb6113
unpack001/out.upx

Files

20bf1e88b057930b13759a2eeb1e1910a83b9ef5c8b65c7206254e0f1abb6113
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 5.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ