249b7515ea8abd9acf38ecd0b84e7417 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

249b7515ea8abd9acf38ecd0b84e7417
Size

7KB
MD5

249b7515ea8abd9acf38ecd0b84e7417
SHA1

955460f4a629ba8a092a11b1d9a588da52b159ce
SHA256

25db4c8a1c0edc6751968381d3b0100c1a50110cd5a5598b9ac0004ddc658616
SHA512

ed8edc7662f4968272e0d7fd629be44c8c455c24a2cfee59927c862289c6a934cd16254427b67ff782bd4a29b60534c4698dcdba2aa32bfe8036921b437ff3f1
SSDEEP

192:3NlFJhppn27lsANA2YcgSEQsh3rfvlQIRbfXtIyu:39Jnpnks5Ie9DNriyu

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack001/out.upx	patched_upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
249b7515ea8abd9acf38ecd0b84e7417
unpack001/out.upx

Files

249b7515ea8abd9acf38ecd0b84e7417
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE