9d58c8f9fb132cfbee97ba6fec248f3e82bff4e86cbfb34a68758054c3c99c34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9d58c8f9fb132cfbee97ba6fec248f3e82bff4e86cbfb34a68758054c3c99c34
Size

3.6MB
MD5

035438caa12d30f2c82270f476e79692
SHA1

bb30b78c9c7242f4f8e952e06de3ef5af682bf15
SHA256

9d58c8f9fb132cfbee97ba6fec248f3e82bff4e86cbfb34a68758054c3c99c34
SHA512

d9efee4b3970e2d27ae861bac425312d48125fcea50883cea8feab08ed0a56b8792ac54dd64586b48299d132b0e26bf022f5695bd9b7c0ae1677f0e0e66ef4d5
SSDEEP

98304:2aYNPokZQYS+8zvTY7NRqSZU2mg0UlMmIPw94vauRH+A:UgkZQYgY7/ZLmghGTHf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/PDF工具.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PDF工具.exe
unpack002/out.upx

Files

9d58c8f9fb132cfbee97ba6fec248f3e82bff4e86cbfb34a68758054c3c99c34
.zip
PDF工具.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ