5e9e9cc71e3b613d824ee106e5a72e32 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e9e9cc71e3b613d824ee106e5a72e32
Size

486KB
MD5

5e9e9cc71e3b613d824ee106e5a72e32
SHA1

58ae31e6106f687b15d7b3e81e3b2ad1f1daa74b
SHA256

79f947c9ab46f3060127ee90d3ea7dbf1b8dcbed5c475d5e2b086bb47c90257b
SHA512

bb4b92f5f0c472ba62ab79b07b4b83f0c091c7f840b22a2a9a108c0e10060c6d4920ed1276f24c85ca5258178f2e0e7c9f2f3cd9878ef9662c7bfd396b98baa8
SSDEEP

12288:LHvq3iPL8MbOlgLLYU16gFCjV7+LoX75lHIPJEcVSxg590GBJFZoan:bq6L80OqHIgUCLor5lzcSxgXpB5v

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5e9e9cc71e3b613d824ee106e5a72e32
unpack001/out.upx

Files

5e9e9cc71e3b613d824ee106e5a72e32
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ