bc4271a1f4b458fbcb8a3edfad6799d8ad88fa3b252cbb6fc19161720a73a433 | Triage

Sharing

General

Target

bc4271a1f4b458fbcb8a3edfad6799d8ad88fa3b252cbb6fc19161720a73a433
Size

266KB
MD5

3bdf07103af7a1d13c5e1e588f47e23f
SHA1

deaea66539047d861d62a53d811973757b24aef0
SHA256

bc4271a1f4b458fbcb8a3edfad6799d8ad88fa3b252cbb6fc19161720a73a433
SHA512

97898c6272bcf8845e08003b8161150bdfa32cb8e971ca76b436c3247b909322e7ae20b3ded9589f75c244178baa4a540fd49e0f1f28c04a99e88943b63e601c
SSDEEP

3072:SNXEGZJWhfNFC4S60+XoLczrVmXQoYAC26Aqs0BVH0XNn2qcyFDHH01ne4PK:AXzKdNY49u8rViz8BSXNn2qNdn01net

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bc4271a1f4b458fbcb8a3edfad6799d8ad88fa3b252cbb6fc19161720a73a433
unpack001/out.upx

Files

bc4271a1f4b458fbcb8a3edfad6799d8ad88fa3b252cbb6fc19161720a73a433
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ