242ddd7e9a5d1ae6e3913d09a7b4861d

General

Target

242ddd7e9a5d1ae6e3913d09a7b4861d
Size

170KB
MD5

242ddd7e9a5d1ae6e3913d09a7b4861d
SHA1

2020837508d15d93ecaf12d6b35e9fb9ac4f38bd
SHA256

33e3e0c97c89d470b530243acc067c3843720228137abe16774eb394a6b26ba8
SHA512

c057cbc74b597dd53f13ac0f16027c69c6cdade40b70f97f6fd4a688021951dcfe621a18b7cde39017514fe4ba0b711004d8f1d7fa9692f578fbabeb0ce212aa
SSDEEP

3072:qGk3BVK+ubU8GvKeSAG60hHrNvEh3DrtMhdMdck74GNYJBvpRJA3MeJ7GE0unM:qGk37vFv3xGp5vExtMhdMy2NY3x3/ZEi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/外挂启动器.exe	upx
static1/unpack001/简单百宝箱.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/外挂启动器.exe
unpack001/简单百宝箱.exe
unpack003/out.upx

Files

242ddd7e9a5d1ae6e3913d09a7b4861d
.rar
外挂启动器.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
简单百宝箱.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 154KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 15KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 154KB - Virtual size: 156KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 15KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 154KB - Virtual size: 156KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB