2b9aed8a90cd0c45a2966befb2891872 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b9aed8a90cd0c45a2966befb2891872
Size

181KB
MD5

2b9aed8a90cd0c45a2966befb2891872
SHA1

0a063bc010f6553fce6e4d3a3c4111465109f20b
SHA256

fa2b1be59f54eacfe2b46566775e25fa52cbb4f3d8aa99c9bd745d3decb20e24
SHA512

4bb01dcd0c90d5bb399e98a6d0e2553efe5f531a3f50952e815b8afb87584b89d3f7212593079e7b988802bdcb1aceb606b10812dd8c277083c9d6d8b8b95e65
SSDEEP

3072:7w6WoLcRgIwaf+oJM9scNqw6W1j96+rbdbUbbpd+DoUVmUl6bdDLZxnHO6:E6WoLCwcd+scNEWEbpd+DoUVmUl6bRLn

Score

10^/10

upx

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	Nirsoft

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2b9aed8a90cd0c45a2966befb2891872
unpack001/out.upx

Files

2b9aed8a90cd0c45a2966befb2891872
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ