4e152479e4e9620af93c0f80e0db49d7d1014afff9cea0407620f523f92064af | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4e152479e4e9620af93c0f80e0db49d7d1014afff9cea0407620f523f92064af
Size

1.4MB
MD5

b01c1c01b0e692b5057685f48eb15922
SHA1

9002993839b9487159ba541aaf29f7fb1501f88a
SHA256

4e152479e4e9620af93c0f80e0db49d7d1014afff9cea0407620f523f92064af
SHA512

8317f5e49253eb3943e85e87c5b92d995cecb872ddbc37ba00b0eb0d797374dc620809b884be92e708c03285a07b50f072f280ec6f006bbba7fcee4f856df6a6
SSDEEP

24576:egyJtiQmm5+6LzJY/lVnq3Hp+ScOSB8cmW0u58Vq5SCs/V6sH8WEU/46rrSllH:EPiT6f3Hp+lN8cmW0uQq5SF5H8WT/46+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4e152479e4e9620af93c0f80e0db49d7d1014afff9cea0407620f523f92064af
unpack001/out.upx

Files

4e152479e4e9620af93c0f80e0db49d7d1014afff9cea0407620f523f92064af
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 620KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 992KB - Virtual size: 989KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ