CloudSchoolPlatform_Student+Runtimes_Setup[.]exe | Triage

Sharing

General

Target

CloudSchoolPlatform_Student+Runtimes_Setup.exe
Size

212.7MB
MD5

66c2d02a178f54ab86e142fb31a94fbd
SHA1

62fb728d6d4089027fc4ce69dacd5048e5d53e28
SHA256

e73471b448ab7a3314a4d72f6a192cf7815bbd4bac70a15799e919af78e060bf
SHA512

b4e404e5d4cbf3391fd071e1e749b26cbcbc909a244f83bbad70fdcc60b6aadffbe0688f7415bebac8dde095eb6557f3d4557974073c0fe195cac57d08370025
SSDEEP

3145728:RiSD1qI2lHl9oBeBEgZA+UtYiXdX/UJs7Io+Vk3PRstfYkbOQQTZO4U7lofcUUoc:8OqDl8QS2A+IY6dX/Ws7uVkShTlYUF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
CloudSchoolPlatform_Student+Runtimes_Setup.exe
unpack001/out.upx

Files

CloudSchoolPlatform_Student+Runtimes_Setup.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ