2d221e0d11cb2dd2afb04fab5381d99d

General

Target

2d221e0d11cb2dd2afb04fab5381d99d
Size

599KB
MD5

2d221e0d11cb2dd2afb04fab5381d99d
SHA1

ffaa9a8731901d71de2fb554a806a311b6f659ab
SHA256

e6f3db3be4d4cf4a317ae09825bb19d8ab3b5e1c49ef22a9062b6f48be876475
SHA512

66342a10bb2b8ad1ad6f7455208d5d9f772042b73ff92cd3868fa7ba9e907bf47648693dbf46797db14507d48cc9e85b776d926bc6fbde11b7b232dead338ad5
SSDEEP

12288:L8wbJ+NkSTahrtay6QM+lvVaaswflOU5asw:PANjahrtAQdpz3fQX3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2d221e0d11cb2dd2afb04fab5381d99d
unpack001/out.upx

Files

2d221e0d11cb2dd2afb04fab5381d99d
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@@Demo_class@Finalize
@@Demo_class@Initialize
@@Demo_thread@Finalize
@@Demo_thread@Initialize
@@Lang@Finalize
@@Lang@Initialize
@@Unitmain@Finalize
@@Unitmain@Initialize
@@Unitselectlanguage@Finalize
@@Unitselectlanguage@Initialize
@@Vclutil@Finalize
@@Vclutil@Initialize
@@Version@Finalize
@@Version@Initialize
__GetExceptDLLinfo
___CPPdebugHook
_frmMain
_frmSelectLanguage

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 255KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 343KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 562KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 342KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 255KB - Virtual size: 256KB

.rsrc Size: 343KB - Virtual size: 344KB

Headers

File Characteristics

Sections

.text Size: 562KB - Virtual size: 564KB

.data Size: 46KB - Virtual size: 352KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 12KB

.edata Size: 1024B - Virtual size: 4KB

.rsrc Size: 342KB - Virtual size: 344KB

.reloc Size: 39KB - Virtual size: 40KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 255KB - Virtual size: 256KB

.rsrc
Size: 343KB - Virtual size: 344KB

.text
Size: 562KB - Virtual size: 564KB

.data
Size: 46KB - Virtual size: 352KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 12KB

.edata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 342KB - Virtual size: 344KB

.reloc
Size: 39KB - Virtual size: 40KB