bef142c2361efa6f4fae85d95f4b2f5a70ca9f825d0a1c74b42a5187959c4321 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bef142c2361efa6f4fae85d95f4b2f5a70ca9f825d0a1c74b42a5187959c4321
Size

54KB
MD5

34fac2c2a3711258218f6cec78b7bec1
SHA1

8990e9279cb43102f5c665ec2086e8e60b915924
SHA256

bef142c2361efa6f4fae85d95f4b2f5a70ca9f825d0a1c74b42a5187959c4321
SHA512

a091977ad82a7ade481d1f9513d2de56e42fd8e041520344ffc5fe36dee372e7c3307178f3453043e1b595ca6dc179e48f9bd66c4cceb6688750fc0dfeaa3770
SSDEEP

768:ZdQQ9O7HcRZSYWMR8ESFFW8XBSziCTMnU5NNx6sfEDLBng3HzQLpouQdxK:ZdQZYhWMRZOjR0VTR5NNEsfOBgXJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bef142c2361efa6f4fae85d95f4b2f5a70ca9f825d0a1c74b42a5187959c4321
unpack001/out.upx

Files

bef142c2361efa6f4fae85d95f4b2f5a70ca9f825d0a1c74b42a5187959c4321
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ