ff8d84f7afcfc9788d71a93401d0ecae3978c1272d667a9742e2284f0f22b788 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff8d84f7afcfc9788d71a93401d0ecae3978c1272d667a9742e2284f0f22b788
Size

1.3MB
MD5

709a56962bb30c00d00bc4010fef3f61
SHA1

b427e1ebfd7e857cba774cfb32f14633513d0c1d
SHA256

ff8d84f7afcfc9788d71a93401d0ecae3978c1272d667a9742e2284f0f22b788
SHA512

936c6d67480cdafcb6171910911927e564e19af19e70884b21c8be5b61853fb641e2f5f7758f8eb08b6442cb48fda535de55aa005926e59ae972bd082d4b04a8
SSDEEP

24576:GzVDiiFZJLbUFT5csXq+GiuxILCGUIIclYpvPOGDi5UvVys6A/2XSL:GxnMqsdWp3xDicVy5U2X

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ff8d84f7afcfc9788d71a93401d0ecae3978c1272d667a9742e2284f0f22b788
unpack001/out.upx

Files

ff8d84f7afcfc9788d71a93401d0ecae3978c1272d667a9742e2284f0f22b788
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ