361268c0d2d5f02b42a0bdd414271393 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

361268c0d2d5f02b42a0bdd414271393
Size

15KB
MD5

361268c0d2d5f02b42a0bdd414271393
SHA1

5f27598f1bc5fbfe7e3e047b39cc2e07a8b86c00
SHA256

c18119d520124b84ef992366883423424b16652177edea9a92aafeb9c5fa3c62
SHA512

2bc02cae23a1aca67477b9c005a15616e48b7aea0b6a77e2a09df2028882dbf698083c6421eb45b3580a0b8ef86fdad362ff7e4ccce55ba04e61ae4151a8e128
SSDEEP

192:9HZpN0P1rGWRyg361CQz1fXjzXzvlP3ECCN/8Yq3fbRiSONwXSMhJ7LqpwzY58SZ:NsV3g1fnX9qNkPFiS/S+Lawm8SZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
361268c0d2d5f02b42a0bdd414271393
unpack001/out.upx

Files

361268c0d2d5f02b42a0bdd414271393
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

InstallService
zhkf
zhko

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ