ad1db850b75faf686241a369ca7c696625061b8bf8ed5f8cf40d9f0a77c18ffe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad1db850b75faf686241a369ca7c696625061b8bf8ed5f8cf40d9f0a77c18ffe
Size

1.3MB
MD5

19c8a4d72609c4a590666e17aa7da62f
SHA1

7c2e1057f93dbcf571cb1d1f46b34822b7cb03d9
SHA256

ad1db850b75faf686241a369ca7c696625061b8bf8ed5f8cf40d9f0a77c18ffe
SHA512

9e44fe2a2d6a4034c9cceeb751d08a0de91ea4d75066cb956aefaad686ff109da4a57aaf7a0359113bedddbbe131ef98ac303fd2a2fe5e918fcad3165176c819
SSDEEP

24576:viUmSB/o5d1ubcvPsub+44Dwvcz1qytEe1fYad1MOat26sgK7Va39X:v/mU/ohubcvEubZCCyth1fYmuOa46sgb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/out.upx	autoit_exe

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ad1db850b75faf686241a369ca7c696625061b8bf8ed5f8cf40d9f0a77c18ffe
unpack001/out.upx

Files

ad1db850b75faf686241a369ca7c696625061b8bf8ed5f8cf40d9f0a77c18ffe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 371KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 939KB - Virtual size: 940KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 946KB - Virtual size: 946KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ