bfe6f76094fe89c9ca2a8f3e30ad70318206617f48467d978e799df15339120c | Triage

Sharing

General

Target

bfe6f76094fe89c9ca2a8f3e30ad70318206617f48467d978e799df15339120c
Size

1.7MB
MD5

7477ac85d001194c8fdadf96ad337f1e
SHA1

083a8248f5c20e6266abeaa19c7668853d770f32
SHA256

bfe6f76094fe89c9ca2a8f3e30ad70318206617f48467d978e799df15339120c
SHA512

733549d891ec8f74a2da52fbb318c831ff6e9ff98b5f062d39b6f179443d52f5f247878aa01d4e7b41ef7399bffed3e68b330a19e48daf21972d0e2c42f322eb
SSDEEP

49152:XnLb3ntPQsSJMI7+u9xPeGSK5d4rJij5xBM6HY/hrn:7bpAl+GxPZSKH4rJmTBM6HId

Score

9^/10

upx oss_ak

Malware Config

Signatures

detect oss ak 1 IoCs

oss ak information detected.

resource	yara_rule
static1/unpack001/out.upx	detect_ak_stuff

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bfe6f76094fe89c9ca2a8f3e30ad70318206617f48467d978e799df15339120c
unpack001/out.upx

Files

bfe6f76094fe89c9ca2a8f3e30ad70318206617f48467d978e799df15339120c
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 790KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ