urelas | b59748f984aea7069b73c1f854df52be[.]bin | Triage

Sharing

General

Target

b59748f984aea7069b73c1f854df52be.bin
Size

488KB
MD5

b59748f984aea7069b73c1f854df52be
SHA1

beee66a85cc9db1c9a627ff99f74466f8f9b12e2
SHA256

2fb6c8260c621bd6a84c7a7d07b677a68d92f324e653161166e524c882cdcc70
SHA512

3143a1603f566293be91cf82353e8be910fd4a9d7b366ec45fa4674b8da52c225c921774653a10bb557ccb0e11eea45a57ced49cd26f002efe6e11b77a71fbf9
SSDEEP

6144:KxBWeMRygxDLbHxlSBxzJb6B6q1gBFJV6AvRqsf6YU+FM+3Yn/fCXjQGDq+8:63MQIDKJxq+Xxvo0U+d3s/fCX0b

Score

10^/10

upx urelas

Malware Config

Signatures

Urelas family
urelas

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b59748f984aea7069b73c1f854df52be.bin

Files

b59748f984aea7069b73c1f854df52be.bin
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 153KB - Virtual size: 328KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 237KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE