Behavioral task
behavioral1
Sample
28e8b8e2276e3442880df8a9334f93bd.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
28e8b8e2276e3442880df8a9334f93bd.exe
Resource
win10v2004-20231222-en
General
-
Target
28e8b8e2276e3442880df8a9334f93bd
-
Size
12KB
-
MD5
28e8b8e2276e3442880df8a9334f93bd
-
SHA1
f10da5b0b0c3d009873579292910a5f904f603ec
-
SHA256
bca224df9db72984015977fc4486fa946ce825b8c181e9981a999cf89fb7a00d
-
SHA512
69e8e5610e6dfc8aa48a55d9b62aa376dea65c5a4273178d6178d0191a7b9af8862efc1a8a9c73ee6c80dae5a797e822cceaacd8e4ba488d34065b7a144a3746
-
SSDEEP
192:RyXTMEB1LxTCN4kL8JOyUaf0kmUf3DGSTSjRMinEY3ig66+bphcZaQTfZ:IXZ1S4dPfDmUbGSpYhxY61
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource 28e8b8e2276e3442880df8a9334f93bd unpack001/out.upx
Files
-
28e8b8e2276e3442880df8a9334f93bd.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ