324d5ed863b940e748d96ce3c6d0eeff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

324d5ed863b940e748d96ce3c6d0eeff
Size

86KB
MD5

324d5ed863b940e748d96ce3c6d0eeff
SHA1

6e209dbe671b3df0d92dfc56882c56d0178f08ae
SHA256

48baca84de344eb5a939c61b22d93c54c5032cf94fab7a5bd0db3b06b77b05b9
SHA512

34f95e26a990e798222448e5e942d516e4aea53dae4ad6dbd18cbaec6f6bd16ad3ddc7dba50de8c00dd082c203d798dcf4dd088002d4f13c39b2beb7fa08b4e3
SSDEEP

1536:bubeKRHWgreO4eentRYinRF6TDyaWo0Sehsg7dL8wY4pOy5etIqkDRXCCzbjPicD:buSKRHfreO4eentR4Tj0lCg7VDY/y5ew

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
324d5ed863b940e748d96ce3c6d0eeff
unpack001/out.upx

Files

324d5ed863b940e748d96ce3c6d0eeff
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ