71c4690a52816807b9c196d6899964c489232b97108ccfa3770cfd345fc9b984 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71c4690a52816807b9c196d6899964c489232b97108ccfa3770cfd345fc9b984
Size

11.5MB
MD5

a2275b3301e256b15bdf8acb8d50f675
SHA1

bbf5bab4c12d6c984a16567fbbbbc0427137fda3
SHA256

71c4690a52816807b9c196d6899964c489232b97108ccfa3770cfd345fc9b984
SHA512

668422f78780de3181aa0caf777de739a30dd626dfe6cd4598be49bdb4560037895c1d6335171f1cfa663ab8ea9a2f7f0e23dca3efa3a06e546c8e6c6bf673ee
SSDEEP

196608:OuYQsybnwzHkFn5dnYAF3VanI0+J4EG3x81455Xt9eDbZJdiQZnCXAmwAFQNnfpz:nZwzHkFLn7yIX7GB81w9urmwiwnBcn2b

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
71c4690a52816807b9c196d6899964c489232b97108ccfa3770cfd345fc9b984
unpack001/out.upx

Files

71c4690a52816807b9c196d6899964c489232b97108ccfa3770cfd345fc9b984
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 20.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23.3MB - Virtual size: 23.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ