9063b97adc32ae82b9e392271ff458dbcc8a6cf9abba24102b4d20531fac8a71

General

Target

9063b97adc32ae82b9e392271ff458dbcc8a6cf9abba24102b4d20531fac8a71
Size

551KB
MD5

cfa4b54de78963e608fee0778aaa035c
SHA1

0e6d2bf4cdca4791f0aab852b661887b303d98d5
SHA256

9063b97adc32ae82b9e392271ff458dbcc8a6cf9abba24102b4d20531fac8a71
SHA512

84ea81d7428f7fe35c4c5478ac34225fdfdf3bc13973432432232a7c820d69e3e686a8cafb0d5d2ccc7fb6053a24ec0b7f7e43bc620e79f11791697126c1af07
SSDEEP

12288:fBBmppvi9VW8+fyEEkIkojxFb1lyUiB0JDBVrXCe0L5DuCOfChcKC3btwpn0441t:jfW85EEk5ojxFb1ly8JDBYDEICrte04e

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
9063b97adc32ae82b9e392271ff458dbcc8a6cf9abba24102b4d20531fac8a71
unpack001/out.upx

Files

9063b97adc32ae82b9e392271ff458dbcc8a6cf9abba24102b4d20531fac8a71
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 542KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@@Main@Finalize
@@Main@Initialize
@@Unithome@Finalize
@@Unithome@Initialize
_Form1
_Form2
__GetExceptDLLinfo
___CPPdebugHook

Sections

-Sj4O6$@
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PQrSgsQ3
Size: 53KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

R:5v6fh?
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jq$T,Zo^
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

e[fvCDQ-
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Z^*q+>QQ
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.*U`F;BY
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

!BL#PhTL
Size: 104KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

aA2@8&Dk
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 542KB - Virtual size: 544KB

.rsrc Size: 8KB - Virtual size: 12KB

Headers

File Characteristics

Exports

Exports

Sections

-Sj4O6$@ Size: 1.4MB - Virtual size: 1.4MB

PQrSgsQ3 Size: 53KB - Virtual size: 92KB

R:5v6fh? Size: 512B - Virtual size: 4KB

jq$T,Zo^ Size: 512B - Virtual size: 4KB

e[fvCDQ- Size: 12KB - Virtual size: 16KB

Z^*q+>QQ Size: 1024B - Virtual size: 4KB

.*U`F;BY Size: 512B - Virtual size: 4KB

!BL#PhTL Size: 104KB - Virtual size: 108KB

aA2@8&Dk Size: 109KB - Virtual size: 112KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 542KB - Virtual size: 544KB

.rsrc
Size: 8KB - Virtual size: 12KB

-Sj4O6$@
Size: 1.4MB - Virtual size: 1.4MB

PQrSgsQ3
Size: 53KB - Virtual size: 92KB

R:5v6fh?
Size: 512B - Virtual size: 4KB

jq$T,Zo^
Size: 512B - Virtual size: 4KB

e[fvCDQ-
Size: 12KB - Virtual size: 16KB

Z^*q+>QQ
Size: 1024B - Virtual size: 4KB

.*U`F;BY
Size: 512B - Virtual size: 4KB

!BL#PhTL
Size: 104KB - Virtual size: 108KB

aA2@8&Dk
Size: 109KB - Virtual size: 112KB