12fc15feb6c8db97149b7fcedcea7e95 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12fc15feb6c8db97149b7fcedcea7e95
Size

77KB
MD5

12fc15feb6c8db97149b7fcedcea7e95
SHA1

f697180be2bf767e5abcf6c95f950300a0e8336c
SHA256

05f926d0d88314bd21d24dab10c1b6bd9eecda93e9d3e225f48474d6e78fd0d6
SHA512

a0e67b80fb8d269b6a5ae9d28bfe037fd49b8a753e89dc9d7f57e2a3047b8d5ac36440fdf690ae89b303d392af2f60554d1b5959b68ad76f8881b21479f4b65b
SSDEEP

1536:WmQ+PCtknHqYsVmMCWZYgnpRDwLL9FYyGGqTmPTHmMdPbk9f07yVJ:RK4mIaZ81GPTTmyMdPACmV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
12fc15feb6c8db97149b7fcedcea7e95
unpack001/out.upx

Files

12fc15feb6c8db97149b7fcedcea7e95
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE