00bc73089cfe7bf5b496a73c346855f9cea441cce91eeea936bb18ce4287ef49

Sharing

Copy URL Twitter E-mail

General

Target

00bc73089cfe7bf5b496a73c346855f9cea441cce91eeea936bb18ce4287ef49
Size

1.1MB
MD5

020183c6acc1cc6a01cb9b03319d176a
SHA1

bb4755e031e0998af075bfdabd1ce0cca76cdcef
SHA256

00bc73089cfe7bf5b496a73c346855f9cea441cce91eeea936bb18ce4287ef49
SHA512

7ebca1c8cd2c9d551f1402df1de28e79da2d5f3c4366176eb58dc256a592cdfa1af3a93113e2ee1721699b8f3e0235bfa1bf0e76e1dd94f96183967c6f83d829
SSDEEP

24576:iwEz4ElhA/vUsQacZD4YmdHiL1jX8JGYc4829LzdPKuddqMOOV+LC:C4uhA/ssQxZDzmUL1jMdH84fhKEdqMOD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
00bc73089cfe7bf5b496a73c346855f9cea441cce91eeea936bb18ce4287ef49
unpack001/out.upx

Files

00bc73089cfe7bf5b496a73c346855f9cea441cce91eeea936bb18ce4287ef49
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$6TForm1
@$xp$6TForm2
@$xp$6TForm3
@$xp$6TForm4
@@Unit1@Finalize
@@Unit1@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@@Unit3@Finalize
@@Unit3@Initialize
@@Unit4@Finalize
@@Unit4@Initialize
@@Userbahavior@Finalize
@@Userbahavior@Initialize
_Form1
_Form2
_Form3
_Form4
___CPPdebugHook
___setRaiseListFuncAddr
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 289KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.0MB

UPX1 Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 10KB - Virtual size: 12KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.data Size: 85KB - Virtual size: 168KB

.tls Size: 1024B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 14KB - Virtual size: 16KB

.didata Size: 3KB - Virtual size: 4KB

.edata Size: 1024B - Virtual size: 4KB

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 289KB - Virtual size: 292KB

UPX0
Size: - Virtual size: 3.0MB

UPX1
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 85KB - Virtual size: 168KB

.tls
Size: 1024B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 14KB - Virtual size: 16KB

.didata
Size: 3KB - Virtual size: 4KB

.edata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 289KB - Virtual size: 292KB