1b67084da3443ead3948845eeb2a1372 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b67084da3443ead3948845eeb2a1372
Size

370KB
MD5

1b67084da3443ead3948845eeb2a1372
SHA1

e7b584f94be61cefc6547ae75265876a00cda0a8
SHA256

dad6e53138b1dc140d9d05bb744dc9f467efc714ed3f4ed8a6db2c52e4c7c68e
SHA512

f185080fa117532928e88c86ba2b21f4cc2a9da0b72f05c7f11f47dcdda9581ea1eff0e8551d0b8eb5df4b2c529d5a41f81f0c7ba0c211611d5470ec7b913b56
SSDEEP

6144:qaj2wn3e4/LKHCPPvN8sLAFbr6VNLlG2x3DNzN8u0JBcXUrqsH0QO6ZBNJkFoXWv:3nBzcCPP1PLA5ruFlGkxh90ZrqsUQFbq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
1b67084da3443ead3948845eeb2a1372
unpack001/out.upx

Files

1b67084da3443ead3948845eeb2a1372
.exe windows:8 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:8 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ