cab31cfc0d9979a1ecb175842f85cd2e1fba9f1c1a662c175b87baddd7cf2ee0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cab31cfc0d9979a1ecb175842f85cd2e1fba9f1c1a662c175b87baddd7cf2ee0
Size

7.5MB
MD5

7cc9f3a57f65adb3c3503f2076e25fbc
SHA1

5388519e7c0d4b514aa2e4198a9109abbb271ffd
SHA256

cab31cfc0d9979a1ecb175842f85cd2e1fba9f1c1a662c175b87baddd7cf2ee0
SHA512

9ff1e135a3712d74fb884a82199ff135591d586c218005311873e817b5cbbf795fb76e1827bfea7d7c873ff1d1d6cb630de5ca4fb5509a867d1cb797ab487e29
SSDEEP

196608:PFJ3Buyd705ZuAIA2Echo5p6M+99KB32aaVbR6VIa2uvYWpekh:duWhCC5XDS236WHqp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
cab31cfc0d9979a1ecb175842f85cd2e1fba9f1c1a662c175b87baddd7cf2ee0
unpack001/out.upx

Files

cab31cfc0d9979a1ecb175842f85cd2e1fba9f1c1a662c175b87baddd7cf2ee0
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 780KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ