e1af0a29978ebe81a1cb59fe443261a90a64f8e404f725d56125e15d95cd628f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1af0a29978ebe81a1cb59fe443261a90a64f8e404f725d56125e15d95cd628f
Size

550KB
MD5

2cd2ea3801c53d75e8957815cdb579e0
SHA1

b141854654bf401e6d23ea17a33a9727e2da39a8
SHA256

e1af0a29978ebe81a1cb59fe443261a90a64f8e404f725d56125e15d95cd628f
SHA512

fffb4a3b30bb82b5b9cb595890d82e5c0df4d8c7a1fe825734b8170b34bb929f167740ec697debace337ec9308f563a231164c5bb62102476f08a8537c00afa1
SSDEEP

6144:aUfczdhXnmOgYTLaQWj9Ebjg0H0RXDD8Kzvd5vgwYVL1BwL4nt/PZHDaXYLw5O/Y:DkhNwi29T0H8DDvDcLs4NPZMYs5biW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e1af0a29978ebe81a1cb59fe443261a90a64f8e404f725d56125e15d95cd628f
unpack001/out.upx

Files

e1af0a29978ebe81a1cb59fe443261a90a64f8e404f725d56125e15d95cd628f
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 952KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 366KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 616KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ