381fc8964e7c51ddbc435522489ff6ab_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

381fc8964e7c51ddbc435522489ff6ab_JC.exe
Size

352KB
MD5

381fc8964e7c51ddbc435522489ff6ab
SHA1

6f47fdfc313baa1eacb35e6e5547b00a10e94b99
SHA256

d764d7effeaf3963e0e5a01a083f0bc6970f70fc13e5d9853e241930c885bfe7
SHA512

73d171c2811ffedf7c08f3cc787a58d34c0f15b72002a136e855194d1e13986adb9822cd2250e648e4f2c141137c1519d34988890654520d4a1ece5f012f4fae
SSDEEP

6144:vIGEnprZkRs38t54c6rzNdfbIGEnprZkRs38t54c6rzNdfd:vxEnAR9343xEnAR934B

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
381fc8964e7c51ddbc435522489ff6ab_JC.exe
unpack001/out.upx

Files

381fc8964e7c51ddbc435522489ff6ab_JC.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 532KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 118KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 612KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ