044317a6e6a482e5d491d2cac932d3fd | Triage

Sharing

General

Target

044317a6e6a482e5d491d2cac932d3fd
Size

381KB
MD5

044317a6e6a482e5d491d2cac932d3fd
SHA1

9bb9622b025acc8ccb043cfd5754250e9289395c
SHA256

03ea41416e7899400d227c0e5c26bef5e5897c5d6cfced7145079a6a97566716
SHA512

76d628d7fa2e641f4d0a0c7b683c6e5c5a28adc474fd7acedd4c700e30ce9b2320dd6e89212afed0e7662eacdb4e4d83377ffb9d5f7d3fcee67dd3b7a165a4c2
SSDEEP

6144:GR5xWzh1SMeve+UodV2WGdgu6NSL4sP6+VdwivxPTfDZ7cor+LV45zpayMAsrYDz:GR5xWzMZUzWGdgu6A5PKYxPZYu+Rsft

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
044317a6e6a482e5d491d2cac932d3fd
unpack001/out.upx

Files

044317a6e6a482e5d491d2cac932d3fd
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 560KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 379KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 693KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ