urelas | 563c5fdc02ea854fb8c9565a85646150_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

563c5fdc02ea854fb8c9565a85646150_JC.exe
Size

199KB
MD5

563c5fdc02ea854fb8c9565a85646150
SHA1

85d07ff6eec0742df1de4d39a8eb7a5c5f4b7c05
SHA256

97bb52c1d011b31538879c689b20fb5d3acabc1f6d9a0f260f3cac1d149bdc74
SHA512

42eced5a78b069dce2d3f585bfe371eac120c66fed7bd7c9af62723efcd81327c54d78c70885c6372e4854ba15fb2b62d48c02d65f3b3561cdc9cb3c2fbdf976
SSDEEP

1536:Ti+N6u0utYGsoK2mEGIBp+WWN7YfEj77iZ76vVGU2AjZ1g9B5McLaRQLd764cGPG:eYYutRQSc/7c6tJZm9B5MuaRQLd7643e

Score

10^/10

upx urelas

Malware Config

Signatures

Urelas family
urelas

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
563c5fdc02ea854fb8c9565a85646150_JC.exe

Files

563c5fdc02ea854fb8c9565a85646150_JC.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE