5e8bcafdcc1106eb8e8f04e64f0b1dc479b1338b1c117f5c6800a67fcea7129e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e8bcafdcc1106eb8e8f04e64f0b1dc479b1338b1c117f5c6800a67fcea7129e
Size

266KB
MD5

8fe213a65f17bfb2d3b306a73c70e556
SHA1

f82a4fcb08e9d4224af3e0372b909558e483cb54
SHA256

5e8bcafdcc1106eb8e8f04e64f0b1dc479b1338b1c117f5c6800a67fcea7129e
SHA512

b7e829128cd386848a46cd49c64af16c54f799b341cad70e75a02698d0bc21be5dd8c61ab6c586f74239c7c0f175927290d02ec6b4fb2f6c343ba527a0356f81
SSDEEP

3072:XNXEGZJWhfNFC4S60+XoLczrVmXpoge5nEi9ZP7aPQ8ug0x3xS6HkLC6H01ne4PK:9XzKdNY49u8rVF5qMg0x3jS01net

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5e8bcafdcc1106eb8e8f04e64f0b1dc479b1338b1c117f5c6800a67fcea7129e
unpack001/out.upx

Files

5e8bcafdcc1106eb8e8f04e64f0b1dc479b1338b1c117f5c6800a67fcea7129e
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ