5daebd9f55baed28d17a55c5daa951ab6e2d93a15567d6b8b201218058a9f89a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5daebd9f55baed28d17a55c5daa951ab6e2d93a15567d6b8b201218058a9f89a
Size

103KB
MD5

d7a39b555b1b7b134669147b9b369aaa
SHA1

e1cce34d1d5008cf0f6dee83485411dea2e0af08
SHA256

5daebd9f55baed28d17a55c5daa951ab6e2d93a15567d6b8b201218058a9f89a
SHA512

e7a346725b8aaab64fe2647eb0b565c4dcea589533afcd8acffe682dc5590d579c1bb6c124f6c7f5efdf2212ef9bf6b013aaa02534050e406d870bfe20138ed1
SSDEEP

1536:JAfVZ5wk5DZMlg8dsEskIv4av/iWDhQmojc5BGz7y+EqNsiY6L6NzvvkutFD:JsTOWHv4av/iWFCeGz7zLNjY6L61lt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5daebd9f55baed28d17a55c5daa951ab6e2d93a15567d6b8b201218058a9f89a
unpack001/out.upx

Files

5daebd9f55baed28d17a55c5daa951ab6e2d93a15567d6b8b201218058a9f89a
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ