2fbfebe3524aa0504712ee180ebfe59df872c5d428b1eb74fa15118ff5af7a3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2fbfebe3524aa0504712ee180ebfe59df872c5d428b1eb74fa15118ff5af7a3b
Size

539KB
MD5

6a4dc3294c0aeee89c465ca4714b7c67
SHA1

99b0e2bbb1422fbe3510d1dd851d0f2fa8109f5c
SHA256

2fbfebe3524aa0504712ee180ebfe59df872c5d428b1eb74fa15118ff5af7a3b
SHA512

f4f84b3ff9573293774ddf5b787d8ea0ad7f3af6f8a274a9e09b6215d776d749cef54fbb6231268251f67d209f443e749b27c1b8cd5633a803ddc6da89ddde93
SSDEEP

12288:vhymnwJFPNdgBAEHApqePJN1AmLM7uVq9sSV:vUmwrl2Ao7sJNlM7ymsS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2fbfebe3524aa0504712ee180ebfe59df872c5d428b1eb74fa15118ff5af7a3b
unpack001/out.upx

Files

2fbfebe3524aa0504712ee180ebfe59df872c5d428b1eb74fa15118ff5af7a3b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 760KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 529KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ