1d686ef4643d8000e30ee8dc1c358ea4493e43b5ec41f0584349c6e1e6b2a6c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1d686ef4643d8000e30ee8dc1c358ea4493e43b5ec41f0584349c6e1e6b2a6c8
Size

9.7MB
MD5

048dde7e66935506d2d93e6c8a11462c
SHA1

328b02c41275250a70b1d1370040d619a78d62f5
SHA256

1d686ef4643d8000e30ee8dc1c358ea4493e43b5ec41f0584349c6e1e6b2a6c8
SHA512

7d5415d94086a7d29c1eb8e85aa550f63db1653e105a77f978afe24adb7b80fbdf1db35f734bd604cd63d1e845001f217a12f7b7e23d8ff6038596a61ad2d514
SSDEEP

196608:9wCdpQb0jwbUZjkUuqI4zkbYzknsemp61sf6Lg2TQ586ytvBrhE5bh:dsbyQykHwkqjW17LQ8vtvBdE5F

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
1d686ef4643d8000e30ee8dc1c358ea4493e43b5ec41f0584349c6e1e6b2a6c8
unpack001/out.upx

Files

1d686ef4643d8000e30ee8dc1c358ea4493e43b5ec41f0584349c6e1e6b2a6c8
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 7.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.0MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ