078e1cf16cb37a09bc65930dcedee563 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

078e1cf16cb37a09bc65930dcedee563
Size

10KB
MD5

078e1cf16cb37a09bc65930dcedee563
SHA1

ece4a23c9e2debe4b595b5e201e79b02fafe55f0
SHA256

9be4dab7c3b5e00ac3297049ce004ae7680bbb30da773d8d98df54aa8afba4ce
SHA512

0e63118f9941d89224bb670b3db53647221bb19bab1ba8b5e49e0688db1225f0c257f6f318a5b29b1ba6810206dcd128dd4dc419c95a1aff512c553b9f7deeb1
SSDEEP

192:acIXxakovr4kGN14LHZladDLiEHPJQx4d/g07rSxrw0BjbVqd6AEbpGkUOqA2EsS:YxBoD4H4lWL9SILXS9HBFzAkqREV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/recado.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/recado.exe
unpack002/out.upx

Files

078e1cf16cb37a09bc65930dcedee563
.zip
recado.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ