5b3d7c63cac3c7e151dcb37bfaaf2d3024993cb3a7c860449564502cba977613

General

Target

5b3d7c63cac3c7e151dcb37bfaaf2d3024993cb3a7c860449564502cba977613
Size

650KB
MD5

abd913aa5867e1cb30f4ddf7d0de5bfb
SHA1

67a51cfd7e32ac1bab6b4f29a152a7b3ee9c6985
SHA256

5b3d7c63cac3c7e151dcb37bfaaf2d3024993cb3a7c860449564502cba977613
SHA512

71bea5aeacbe728d492773172eb8a97129a408d86ed986572563856e99fac1537b9ce35917e2d3b62f0713926c1c4d4f316bc8245f18a153a323069f931fbc7d
SSDEEP

12288:YXFv/Wwt4+ettZ190c6l34OPRoSnkEx24Ogsstgyki4r+P1aos4+:YF/WwST0L4yR3kEx27kk/r+tS4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5b3d7c63cac3c7e151dcb37bfaaf2d3024993cb3a7c860449564502cba977613
unpack001/out.upx

Files

5b3d7c63cac3c7e151dcb37bfaaf2d3024993cb3a7c860449564502cba977613
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 599KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@@Main@Finalize
@@Main@Initialize
@@Unithome@Finalize
@@Unithome@Initialize
_Form1
_Form2
__GetExceptDLLinfo
___CPPdebugHook

Sections

59/Q^xZK
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

uavW[QL(
Size: 53KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

^l$w;y3*
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

#Tt78Jqr
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

WZtOIGEM
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/+F>*L*M
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

o%kd-Tv(
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

N_,,%57!
Size: 249KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

sT[]G%[\
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 599KB - Virtual size: 600KB

.rsrc Size: 50KB - Virtual size: 52KB

Headers

File Characteristics

Exports

Exports

Sections

59/Q^xZK Size: 1.4MB - Virtual size: 1.4MB

uavW[QL( Size: 53KB - Virtual size: 92KB

^l$w;y3* Size: 512B - Virtual size: 4KB

#Tt78Jqr Size: 512B - Virtual size: 4KB

WZtOIGEM Size: 12KB - Virtual size: 16KB

/+F>*L*M Size: 1024B - Virtual size: 4KB

o%kd-Tv( Size: 512B - Virtual size: 4KB

N_,,%57! Size: 249KB - Virtual size: 252KB

sT[]G%[\ Size: 109KB - Virtual size: 112KB

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 599KB - Virtual size: 600KB

.rsrc
Size: 50KB - Virtual size: 52KB

59/Q^xZK
Size: 1.4MB - Virtual size: 1.4MB

uavW[QL(
Size: 53KB - Virtual size: 92KB

^l$w;y3*
Size: 512B - Virtual size: 4KB

#Tt78Jqr
Size: 512B - Virtual size: 4KB

WZtOIGEM
Size: 12KB - Virtual size: 16KB

/+F>LM
Size: 1024B - Virtual size: 4KB

o%kd-Tv(
Size: 512B - Virtual size: 4KB

N_,,%57!
Size: 249KB - Virtual size: 252KB

sT[]G%[\
Size: 109KB - Virtual size: 112KB