151b63918cebe33fdf1aea05b06269c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

151b63918cebe33fdf1aea05b06269c9
Size

680KB
MD5

151b63918cebe33fdf1aea05b06269c9
SHA1

a34d924618382e9b9a1fb1ab4060fec858186112
SHA256

e334aea668b138d086294c0b8b5d92a588c86c1808a1c1fb19fabfc56eca558a
SHA512

a239d3f525c5bb63308b77d27831b42303c9afc2ed4c35d9c753a5e275a0ce579c6be956b3b5adff5f576243b9dfe0c754dfaa6b70ecb98689d5f7aeb7b97828
SSDEEP

12288:pGcuIjwzt1hX4X4+Gdpf+e+i7C0OUjNlem2gwmdC7Zk6TfporHI6P:pGcuaw5X4o+GLZemj7epgwnhOM6P

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/哈克辅助工具.EXE	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/哈克辅助工具.EXE
unpack002/out.upx

Files

151b63918cebe33fdf1aea05b06269c9
.rar
155绿色软件站.url
.url
哈克辅助工具.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 666KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 544KB - Virtual size: 542KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ