03564d23e2fb4d6b6d5c5a2bd20566a68f1865a4ba8ae82adf74c1bd352f2a7d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03564d23e2fb4d6b6d5c5a2bd20566a68f1865a4ba8ae82adf74c1bd352f2a7d
Size

2.0MB
MD5

aa288af92bd6495c1d7708bc150b00ff
SHA1

1254fcffdae33c87352eec94fb9aa24803971bf1
SHA256

03564d23e2fb4d6b6d5c5a2bd20566a68f1865a4ba8ae82adf74c1bd352f2a7d
SHA512

5efe32c6747cbd16cf221a8b892fa5883ebc432b3c2ffb9e240e78404647aa1088b5653e63651824aac99934f5b64a891d4468f106f1f0d771280002a9ad90e8
SSDEEP

49152:Cn1YUNL/qih95hCqUmpOOSLtOUD1m6QJkHBZu7dY5ROk9Kq:+YAL/fh9nfUmpO1wUDA6CqBZP5R4q

Score

9^/10

upx oss_ak

Malware Config

Signatures

detect oss ak 1 IoCs

oss ak information detected.

resource	yara_rule
static1/unpack001/out.upx	detect_ak_stuff

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
03564d23e2fb4d6b6d5c5a2bd20566a68f1865a4ba8ae82adf74c1bd352f2a7d
unpack001/out.upx

Files

03564d23e2fb4d6b6d5c5a2bd20566a68f1865a4ba8ae82adf74c1bd352f2a7d
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ