df3a6adaae5f80220d1e5c209cc5573ddf83f8d744938562fb6df2d9cda2e058 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df3a6adaae5f80220d1e5c209cc5573ddf83f8d744938562fb6df2d9cda2e058
Size

1.7MB
MD5

e61fd9dbc87e0fa0d2590fbe98d05f20
SHA1

ae3993dff90737af6cd8dc4e514d1684b0123b90
SHA256

df3a6adaae5f80220d1e5c209cc5573ddf83f8d744938562fb6df2d9cda2e058
SHA512

bcafca649c4463d0e4ab8994f1253588f2369a17897c782d7421ca3d8fac2f578e9f627bc4ad5d7775afa4945af9c028683a5506515e171a6add53974be2aef5
SSDEEP

49152:zmL6N7u5vQ0E2fWu2O6fax96Ay5an6I/N:z+CiNQ32fWY2ax9Jy5an6I/N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
df3a6adaae5f80220d1e5c209cc5573ddf83f8d744938562fb6df2d9cda2e058
unpack001/out.upx

Files

df3a6adaae5f80220d1e5c209cc5573ddf83f8d744938562fb6df2d9cda2e058
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 860KB - Virtual size: 856KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ