11992a521d8ae906b6f25d7b2159c20d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11992a521d8ae906b6f25d7b2159c20d
Size

496KB
MD5

11992a521d8ae906b6f25d7b2159c20d
SHA1

d43600afe8505e57232b2bd14fb1194bb45c0880
SHA256

08ce74f43809fe0fda8de8ddcd9ba42134df926cb6b523fc2158d213cb248c0c
SHA512

0f08fe73038951ff50bc79cd72e718e3949f169c853ec68cf9cbdd69b55c85fde74d3826e3a4882c735e12d7e49c78e505c61ec30398886a55cbea7a5f355201
SSDEEP

12288:6F4uJbBButl8mGecfpH+YTS5FNwTD8E9u/esGCt1typFi7+:6jbTIemOl+QS2ToxOCtub

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/HiAlbum2.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HiAlbum2.exe
unpack002/out.upx

Files

11992a521d8ae906b6f25d7b2159c20d
.rar
HiAlbum2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 504KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 668KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ