3447bcc41dd89ce0ab63ce879ebb3bcaf09d3428416a067f4f170f7d94c15ffa | Triage

Sharing

General

Target

3447bcc41dd89ce0ab63ce879ebb3bcaf09d3428416a067f4f170f7d94c15ffa
Size

408KB
MD5

99e5d9659a6381b60b38872083ff2bd0
SHA1

fff306416db21c6b76aa64b873cf4f0758be5719
SHA256

3447bcc41dd89ce0ab63ce879ebb3bcaf09d3428416a067f4f170f7d94c15ffa
SHA512

3a671a139198f6f8ab58ad3611d502f67cfba3e5642d0175084a8dda145f082c5c9a05f7fdfe2beb3d43697993233a57143bd6a02b47a89dbb3017339e8a04a6
SSDEEP

12288:dRmNG1lcDrqoUXKr7iQROJDE8X6jgly7It3j6i7JIY:dRmMlcnqoUXKXtO+5G/JIY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3447bcc41dd89ce0ab63ce879ebb3bcaf09d3428416a067f4f170f7d94c15ffa
unpack001/out.upx

Files

3447bcc41dd89ce0ab63ce879ebb3bcaf09d3428416a067f4f170f7d94c15ffa
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 832KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 399KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 740KB - Virtual size: 737KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ