4dbcbf5c887dd46a5069a4d6c1db336eaa2d53ba57f32f3feb86034e721b26b8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4dbcbf5c887dd46a5069a4d6c1db336eaa2d53ba57f32f3feb86034e721b26b8
Size

266KB
MD5

5d6d0bbe42f942fc3c80c6bc52426f13
SHA1

85fadb67ae37a8989a4048af662d629f4e5f8353
SHA256

4dbcbf5c887dd46a5069a4d6c1db336eaa2d53ba57f32f3feb86034e721b26b8
SHA512

65453a36e83200b534d84d38f9cd59f0675caf6bf2c0f83624c0cae4e5e17de92ec4ab6b07ea544ca59d03107f4641bc9e3f6b874d8fbde9920a0dac19d54ce8
SSDEEP

3072:rNXEGZJWhfNFC4S60+XoLczrVmXlnywJoxZmWWQW/4aAoD1gad/gBh/SpiATH01Q:xXzKdNY49u8rViJm4t4wxYBh/U01net

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4dbcbf5c887dd46a5069a4d6c1db336eaa2d53ba57f32f3feb86034e721b26b8
unpack001/out.upx

Files

4dbcbf5c887dd46a5069a4d6c1db336eaa2d53ba57f32f3feb86034e721b26b8
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ