973cd488764a25a33b6deed3f1e14f14cc0cf2eb1605c5c8eb3e9b4eb8bb977f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

973cd488764a25a33b6deed3f1e14f14cc0cf2eb1605c5c8eb3e9b4eb8bb977f
Size

810KB
MD5

814e44c1db8aa244b427c6918b1b6ce0
SHA1

367766b84e4d87631c92cee17f25de14daf0561b
SHA256

973cd488764a25a33b6deed3f1e14f14cc0cf2eb1605c5c8eb3e9b4eb8bb977f
SHA512

418456f6603e3c32c6981911d7a73d2643957af1f5c09ac7188e9a9f9936fef5a326f1b768c64457bc5e71fa14f37bdd9af054b4f9c368c2a0f0519da994b8f0
SSDEEP

24576:IP+cHbzzZ1BPmv011+E73gHAvzoGP9iwe:IPd/Vruv01AE73+0P9i7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
973cd488764a25a33b6deed3f1e14f14cc0cf2eb1605c5c8eb3e9b4eb8bb977f
unpack001/out.upx

Files

973cd488764a25a33b6deed3f1e14f14cc0cf2eb1605c5c8eb3e9b4eb8bb977f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 700KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 747KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 632KB - Virtual size: 631KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ