dfbff8167c65570f5e4d8b99f33b59e746fbda00b9eba62c1d90f6f8f28f4c73 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dfbff8167c65570f5e4d8b99f33b59e746fbda00b9eba62c1d90f6f8f28f4c73
Size

1.8MB
MD5

bdb9a72d4a223bf8c36e27d791ba2d7a
SHA1

6618fdbdc55c822a9048ec3f81acfe8f88c167dd
SHA256

dfbff8167c65570f5e4d8b99f33b59e746fbda00b9eba62c1d90f6f8f28f4c73
SHA512

5d17dbe4d7d51f25ada5b96561ed8cf5127fd407a175d753a297b6aba9ef3ff69142935e943d9ef34424a4814fab395180474495bc000862e192f8b7c6882e59
SSDEEP

12288:sOuW5o/oStso4CWKKCrZTGF/k8uMxtxPvvzSLPmyyyEyyy7E9VRd:sjSow1oJbKkKF/eMNPjSLYd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
dfbff8167c65570f5e4d8b99f33b59e746fbda00b9eba62c1d90f6f8f28f4c73
unpack001/out.upx

Files

dfbff8167c65570f5e4d8b99f33b59e746fbda00b9eba62c1d90f6f8f28f4c73
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 220KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ