4d13a78e19fcccbf0485a799241902836ccc3ef2607a6c2a25fcae0aeb9c51bf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d13a78e19fcccbf0485a799241902836ccc3ef2607a6c2a25fcae0aeb9c51bf
Size

14.9MB
MD5

87a27ac089aeb9c6ad9bbec0275cda20
SHA1

208c48df75444aefc3a67c27451b0a9e26e809bd
SHA256

4d13a78e19fcccbf0485a799241902836ccc3ef2607a6c2a25fcae0aeb9c51bf
SHA512

daa2cee02063a64df4bfd8afa0568a17b74a6b5f48ac950e069b356c138d9ea0419aefaed7be8c954ca9e513c182d36014463ced003b14a63731d4d74bfc883f
SSDEEP

393216:j0ZICJ3BpbXU1oAucTb644PeMs02yHLoCboyMUZvl6GZ:j0ZIO3Bpbgosm44PGTErbuU3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4d13a78e19fcccbf0485a799241902836ccc3ef2607a6c2a25fcae0aeb9c51bf
unpack001/out.upx

Files

4d13a78e19fcccbf0485a799241902836ccc3ef2607a6c2a25fcae0aeb9c51bf
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 640KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14.9MB - Virtual size: 14.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 964KB - Virtual size: 961KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13.8MB - Virtual size: 13.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ