ebeefe73fdf6d341683444ec688c23b01dc7d8cf3809023e0d2037cbf66802d1 | Triage

Sharing

General

Target

ebeefe73fdf6d341683444ec688c23b01dc7d8cf3809023e0d2037cbf66802d1
Size

1.0MB
MD5

f47cca9938236567b188ede2c483a6d6
SHA1

0ddf947814b3237558584c2178a41ac62701b1ce
SHA256

ebeefe73fdf6d341683444ec688c23b01dc7d8cf3809023e0d2037cbf66802d1
SHA512

41b869b395ee438c768a24e3ee0f6e0b4d08baaca7f18502198a06ab47d2eab99b2fcaf18fac8e0440ba5312b90f8729c2b37cbc18b9797c30269da643bf9517
SSDEEP

24576:xwh8+OI0OxAuIPBCmEnECxekioh+n/IuRDZ9lxR/SKX9BTQz7BDS0:xwmTI0O2XEn7ioh+n/Ikd9lxpHOG0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ebeefe73fdf6d341683444ec688c23b01dc7d8cf3809023e0d2037cbf66802d1
unpack001/out.upx

Files

ebeefe73fdf6d341683444ec688c23b01dc7d8cf3809023e0d2037cbf66802d1
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1018KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ