e88fbbdae8020b9c3357972954979c5331a6ae4020d6c8a01af6d685d9734bac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e88fbbdae8020b9c3357972954979c5331a6ae4020d6c8a01af6d685d9734bac
Size

873KB
MD5

546d2fb405c5b4d843875e9af846fcb1
SHA1

cb653ed8dbe10fba6695718a2bb228f9832533ee
SHA256

e88fbbdae8020b9c3357972954979c5331a6ae4020d6c8a01af6d685d9734bac
SHA512

4e8e0521927ad1a8b0bbcaf8b183d2c0ed0cda96bbab02482851e6d66631d0e1eceb9d791d3b3ccfa7f68207779600fcdff9ef90b8ecceb24472bb7c94f70d15
SSDEEP

12288:qSt/Sp4Bd2Qe3D2XgftD4fGWTBjHq0WP39cVsJhLPuF3FCFa:Ligbe3D2wftD+HDqL9zmV0M

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e88fbbdae8020b9c3357972954979c5331a6ae4020d6c8a01af6d685d9734bac
unpack001/out.upx

Files

e88fbbdae8020b9c3357972954979c5331a6ae4020d6c8a01af6d685d9734bac
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 710KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 320KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ