b7198c03d9c54e5afe8def43124d29602b9a5c0fb6d7728b18df0a6a9f04e7cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7198c03d9c54e5afe8def43124d29602b9a5c0fb6d7728b18df0a6a9f04e7cf
Size

266KB
MD5

6ca3b3e035ff5758708dc726d3582652
SHA1

9b963d5f10336836a4dae6f99dc23088b5533fea
SHA256

b7198c03d9c54e5afe8def43124d29602b9a5c0fb6d7728b18df0a6a9f04e7cf
SHA512

fff4d3c07addbdb7b73761815865275a04b6724ef1ebe2d3d53c5a92d9c911bfd108253837b2c99cbd23e7d9e2ced6bff28aa7bbcbd181683280e750f9a4d817
SSDEEP

3072:UNXEGZJWhfNFC4S60+XoLczrVmXirXPIX7te5nEfZNL+C5LYZNO5McAx9LG9qH0W:iXzKdNY49u8rVdTnl8Mi5Mcw701net

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
b7198c03d9c54e5afe8def43124d29602b9a5c0fb6d7728b18df0a6a9f04e7cf
unpack001/out.upx

Files

b7198c03d9c54e5afe8def43124d29602b9a5c0fb6d7728b18df0a6a9f04e7cf
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ