urelas | 217e1bb6d3efd96e9c542729956112d4[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

217e1bb6d3efd96e9c542729956112d4.exe
Size

473KB
MD5

217e1bb6d3efd96e9c542729956112d4
SHA1

325bd627cdb110d914e44e80099499357e2bd2a2
SHA256

76c3046bd1aaf97334d6ead8449f6075e35497848f499e02fa8e19074feb6da9
SHA512

deeeabcf886f2ff93e9e7170e034c4b89f1108244db133d922ba2804e4382447c5811faa3c57a2ba34d5ffb7769157dfb263acb637e77abd1d57bbf695666eba
SSDEEP

12288:o+ILgF8Fii+8MS6oSCzcoMvRNPVO7MgAcRBQ3Y:o+ILEXimStQzPPA7MABQI

Score

10^/10

upx urelas

Malware Config

Signatures

Urelas family
urelas

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
217e1bb6d3efd96e9c542729956112d4.exe

Files

217e1bb6d3efd96e9c542729956112d4.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 149KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 251KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE