fed26b6860152e0bd5e5b416cb4732b4e15652dcfdb1780e4f056643b89eecdf | Triage

Sharing

General

Target

fed26b6860152e0bd5e5b416cb4732b4e15652dcfdb1780e4f056643b89eecdf
Size

13.2MB
MD5

71e47d12a1ad53de17005624475af554
SHA1

bceeebb3985016d93b5fc63a8d3462fecbe1db53
SHA256

fed26b6860152e0bd5e5b416cb4732b4e15652dcfdb1780e4f056643b89eecdf
SHA512

d2195126a65b942f98b37006a21bdcd33292017345c6847219e76c318cca919cdc85c16c3038369cc7dc3e34f0d1779fc7894bfd4eae15a2748a3934716bb335
SSDEEP

393216:6d0PvHK5RPUG1LOMNXtN+zVKlDrRompotaloLmM1ims1ptn:XS/IyhtrampSfmMYms1ptn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
fed26b6860152e0bd5e5b416cb4732b4e15652dcfdb1780e4f056643b89eecdf
unpack001/out.upx

Files

fed26b6860152e0bd5e5b416cb4732b4e15652dcfdb1780e4f056643b89eecdf
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 29.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37.5MB - Virtual size: 37.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ