a2179900bcc9cb2eaa68ae3de79902efe6d060f5d7cfa7b3d939d7fef6881e7a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a2179900bcc9cb2eaa68ae3de79902efe6d060f5d7cfa7b3d939d7fef6881e7a
Size

1.4MB
MD5

a2b4f9699a559651e24907c6be9c5a4d
SHA1

ff4133e6c2055547c41082034454a2f096184ece
SHA256

a2179900bcc9cb2eaa68ae3de79902efe6d060f5d7cfa7b3d939d7fef6881e7a
SHA512

49093f7061700ce90670f7e0f333f7d717c17b58705bbc07df1570389f2526e6ddc22e3cfe81d8d921323b28e777dd4b63dd776e61dd0b01418bcf2b46b2b486
SSDEEP

24576:8HhtV6EMa5HLvbMWFQPcCYluk16YoWmRaA4gGYJxDxYWkzCRcjHjlPwSL:8HhtQO9uPcbHzm8AJxxr7KjD1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a2179900bcc9cb2eaa68ae3de79902efe6d060f5d7cfa7b3d939d7fef6881e7a
unpack001/out.upx

Files

a2179900bcc9cb2eaa68ae3de79902efe6d060f5d7cfa7b3d939d7fef6881e7a
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 5.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.9MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ