62686e7ff1e1c3875597e22e022bf54fc5f0b1e1aac8208be0f1c087dd155944

Sharing

Copy URL

Twitter E-mail

General

Target

62686e7ff1e1c3875597e22e022bf54fc5f0b1e1aac8208be0f1c087dd155944
Size

7.8MB
MD5

f526bd71c0dd021122f11c619bb9016e
SHA1

c2dea9e218e33672eccfe8d2c6175e509d106d4c
SHA256

62686e7ff1e1c3875597e22e022bf54fc5f0b1e1aac8208be0f1c087dd155944
SHA512

51b38b5ab1f903d8ceb230c9ea40b4fdd98d480693e3d434b8d47d4b9b2090030c179b18b7bf5f7baa244ba306e110138eb38cc2668a99853aa9cd62f04be912
SSDEEP

196608:ZZAA2Pt38fMwlSkPiWnjKZ4EUE/LMKcvST4dTrcLHsSO:ZZAYfMwBJjvZvY4dTr0RO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
62686e7ff1e1c3875597e22e022bf54fc5f0b1e1aac8208be0f1c087dd155944
unpack001/out.upx

Files

62686e7ff1e1c3875597e22e022bf54fc5f0b1e1aac8208be0f1c087dd155944
.exe windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

m�C"t�yS��'|Bͬ�RmҼ0�w��{ 6�� )|��Xa�n�-3�� o��s�_b��y�`�W��-�?�U,�{:n�v�D%U%Sy��H��X��0��,18/F1�ڒu�h`Y;�Z�-��Z��t��ϑ�CnhK4jP'h��g4=}ڊ�Ș�60�N�ΒvYag0]��nG�)�Tc�ɕQ�%�?j�l�B�JP��M��g�*0�7��R�w�tӀfL��O�$�� MC)�⫕��Uʄ4R�I��w��!�߬��n�n,S��i�L�3V�ҫ&��]+�jJs[z�g+��Z(Y"�Mܐ�7��:L�C��9j|�X��]��c 0"H�D�F�j�i��93�.�;��'��?c�'��ƺ/��!3��k/ֵf�)j�3b?A��y��l"XW��:��&�0�:�Jb��{�k��1��6�mǗ�R_��ͩ�M�R^�>��e��^@��ɨ&sp0K$+u~Mq�O�a� �~*� ��M�;R�l�ғ6B�ޟ��ư�%i�I�?�]8R�?�'�k��ƫ��u��C_$�+��g�xJ^e��,��{�/cb��(��2P��@!bC�WסiG�F2� �O�֧?:��)� �>��'w��h,��К{խھfqsh�l��q*��\��(��08�� K�b��&�¤ꔖ�;FG!��4��[ �- 8�}��z5�v��?Yb��}ȓx�%��ק��<��H��҇��t�h��u 8b�^A0�A�^��M��#y0�u��Ѫ,��W�,�:� FP��jY�R��Oa%8��[X B�¬��G0��h�V�X�9��}¯��!�ď�0ߎo�O�yb��t=��>�s�LN�h;�X�5�uKӉw��Q�J��s�x�AD��N,��p�&-ӷ$� ɜ4 ��I��Տ3��V��(��Uv�5bq��]��g��P��I��<��ܝ�TOl*1�s%ch�f��Ɯ��uNc�\��F��%��^rgaX3Sb�w��g�Q��eF�3�!{�i��d�yA�OO_��oBq>�z4��M�H|&Z�<��e�Y�(�3�#�\�l��ȣ�Oi��?q2�C>e�ī90z��viȆ`�[d�V*�>ypf��n�>� ��a_pl¢ңV��y�9�"kv��ؠ�hT�6J~��z��]��iS��ZJM2Iǃih�?;�DΫi%z堀J)<v+Հ&�x�DSW��Q�vi6<&"ϕ��>s�ݸ�)�d�p�̛��Z5X��T��pŤ0�6��֥v~,��G��T�� u�h��Ҝ}P)˥Dت�HN3��=�ҧ�m�^ߡ��b�r&]"�"ۭ��{]�z�uF3ݐZ�GoC�皵��vJȪD�� Q�Vi��U_�� LV��m� 5W��b�y��k��}�5�K��+�)ɔ��8ԎZ��ز'��+|π��k]m,�p]�t�>%�<ȧ�<�C�4��s�$��*�{��<yY��cv��n\��BG"��rTi��f[I�q�v�Wsw*5R��u\<˒��F)�?�0}Ig�e��J�M^�2zZ[V��9ZB�؈�PA�)ihmϭD�<�B5\�{�� :�K��o��|AI?�N� 37�p��#��6��/��h��N��p��EjAi��n��?-~�o��~|X��<�Wƿ�7�e�� U"�a ��j]%pB��͛�֙p��D��Q1X��*��X�((��N��#'�ݨ�G\�1��*I�+ڏQ�(|"�TOY�$�~2�/�W7_��#J�F��Kƌ4��fg�f�|tŧ?T�i��Tt伭�:a��!D�C�.��:�� VK�̩z��n��;�kڊ4��b�U^3�@��㬱A8"�w �X�i�j��t�$��K"�.�i{yu��i�p^��2�� *�ב�;�cO�� u�D��|�ӳzm!��U�_��y (]�l̞�_��3'g��<�no�R��F?7ƕQ܀d�ub j��E��Osk ��s��S��k��`6AWR��a1"��o�2�F��p�|��܄�m� [�\��h��][q�E8��Gj��,�/bl۰��gt6��.<��EX&Ij��Rw�B��! GaΣ�]��r�H-��tj�P]��0��>h�T��U��4:X�ž��ء�n�tP�#��l�TW��^Ԙv��z�w%�u��*��u.(_�O�r0{��y��C!��`�j�0 A�(,^�v��}�͟��熑��Iz ��[�_�i��Z@Prz�Vi�K��eP*[��f��)V�v��X��VM��g-a��>�sn<�TR�4��A3U�w9�'Cl7��&�F7��s��g��~�ӦZ�b�Ʌ��2�� Jc�x��:�8j"�:�g�A�(CD�"W��"0��oy��ގ�r~�ؿ�E��x��6=B�/��&��ch��ek��T}Q�(8|9�*��4J�K�sdƏ��y�c��ߠ�L��'��!-��q�s�v�{�7�ϸ$N�Qԡ��K�q��4Da�XaJ�x��x-K@��Ɛ��ϖD#/�H�f��H��/�ʸ62��2��&�� 1�8�n�/�]f~��(�R�>^�r�J�Z-N�N"o�g_��InωFO廓�R0��+��'�B2"F/��7�\ޤ�p��+&��x��q��e��u�f�3�:`��Y��ό��U!h�aT�͈��ܴ�(��\�fc*�f�z�@~�]7Ith�X~B�&"�:��+�D5҇�f��c>��J/7,��rt�y � !q��mH��ޥ�@7݊(Oe��擬�a(`�.

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.moe0
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.moe1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 5.2MB

UPX1 Size: 7.7MB - Virtual size: 7.7MB

.rsrc Size: 126KB - Virtual size: 128KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 76KB - Virtual size: 153KB

.moe0 Size: 4.1MB - Virtual size: 4.1MB

.moe1 Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 144KB - Virtual size: 140KB

UPX0
Size: - Virtual size: 5.2MB

UPX1
Size: 7.7MB - Virtual size: 7.7MB

.rsrc
Size: 126KB - Virtual size: 128KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 76KB - Virtual size: 153KB

.moe0
Size: 4.1MB - Virtual size: 4.1MB

.moe1
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 144KB - Virtual size: 140KB