0fe0af7af3edc1fd1214e596f9566165f2f9c7c988d0194f98b19c01478c3e94 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0fe0af7af3edc1fd1214e596f9566165f2f9c7c988d0194f98b19c01478c3e94
Size

944KB
MD5

2bd6aea78fffd0f6c6e6503e20c86cf2
SHA1

c5b50443a7468fcecd24ae565fbbf40eec704545
SHA256

0fe0af7af3edc1fd1214e596f9566165f2f9c7c988d0194f98b19c01478c3e94
SHA512

3a5aa173d55b39c7328b536857a259250e1c1d3dafaa26215c855368c03baa8ac833c792311cf2d5504153d92c8c1804dd95872051e81e8131c95ddbe53cc4de
SSDEEP

24576:rG6BQjs8sBwVKjSFr5xbWYJJ/leCgxpoIyKaSn8LyaYy+FPgoOce:C6BQI84kK2d5xbWYJneCg7ypQ8Lyy+pS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0fe0af7af3edc1fd1214e596f9566165f2f9c7c988d0194f98b19c01478c3e94
unpack001/out.upx

Files

0fe0af7af3edc1fd1214e596f9566165f2f9c7c988d0194f98b19c01478c3e94
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 935KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 628KB - Virtual size: 626KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ