cf08f0fce6a63dedbd3f61a90411b7513a82b905c519a296962b5f83a8e2e6a3 | Triage

Sharing

General

Target

cf08f0fce6a63dedbd3f61a90411b7513a82b905c519a296962b5f83a8e2e6a3
Size

1.8MB
MD5

78526cc8de6c299116f367267f07bf98
SHA1

3a61dfa6c922530cb3088e93dbfc4e8216f120b2
SHA256

cf08f0fce6a63dedbd3f61a90411b7513a82b905c519a296962b5f83a8e2e6a3
SHA512

07035ef574a7ed1ccf60fe3681a9fb89eb86547d9d22f199b76ea1ab2d9a4f13f1fbe91255a948fdc3431ef3fca3f1a6fe1008450d78b463485e345dcb8b321f
SSDEEP

49152:2TwBmTFtaT5NG2U7hFO6HsWJ8tUQtFfXp5SzRd:NBQtadw2U7ho8sWGeQtFfZ5SzRd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
cf08f0fce6a63dedbd3f61a90411b7513a82b905c519a296962b5f83a8e2e6a3
unpack001/out.upx

Files

cf08f0fce6a63dedbd3f61a90411b7513a82b905c519a296962b5f83a8e2e6a3
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ