4c3de9d35b3563e5f174af80c83fbc03 | Triage

Sharing

General

Target

4c3de9d35b3563e5f174af80c83fbc03
Size

307KB
MD5

4c3de9d35b3563e5f174af80c83fbc03
SHA1

f673b600d9cac225083405c0280d5f911d226d2d
SHA256

5c1e86fabc1a9ba710149bfb76fc408ead50a61e7116cb4dc859a279c646794e
SHA512

34f3327101f5f3506c1985bce995f0f30fd67e6bc38e2e0a460562f7361f0de379eb1b15339cf54e1635c98604ce989006944dcc6aec13e8460017662013b2ab
SSDEEP

6144:Tvr01uC1PpNVtyNHNWYhvsODvFnnruV+TGo3e9rz0cM0nWpFkxu08yz9oUWv44Jk:P01uC1P/VB0E2uVEbmFyFn3OVWQqKt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/163Album/163Album.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/163Album/163Album.exe
unpack002/out.upx

Files

4c3de9d35b3563e5f174af80c83fbc03
.rar
163Album/163Album.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 305KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 312KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
163Album/使用帮助.url