0f350a25f55e1c7dfd0d72df405f3bb1bcf9c4a9cf2d8a08d4e7d53256f6f4a7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f350a25f55e1c7dfd0d72df405f3bb1bcf9c4a9cf2d8a08d4e7d53256f6f4a7
Size

3.0MB
MD5

9e05c0d0be44001e1095efdcb66675be
SHA1

deb0d1313337cc7056edc14f030656b12a735fab
SHA256

0f350a25f55e1c7dfd0d72df405f3bb1bcf9c4a9cf2d8a08d4e7d53256f6f4a7
SHA512

f0a9cf3cb0886fab380f82a2eff71d42889bc6f96bd4313fa1521f8b1a43b5b921532305f1303ef165300e77ea0f6305ef5099fe5a97eacc2e5c2bf0753da801
SSDEEP

49152:atRAUQB+/BjMsoJIjbphRHaMKR7BItT27Hy4gFRcPa7RVBclavgmng:eRcB+asZjbRaMW1zy1RcPCtLtng

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0f350a25f55e1c7dfd0d72df405f3bb1bcf9c4a9cf2d8a08d4e7d53256f6f4a7
unpack001/out.upx

Files

0f350a25f55e1c7dfd0d72df405f3bb1bcf9c4a9cf2d8a08d4e7d53256f6f4a7
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 6.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ