d86802518ee3f8c9b97f32c147cb507f[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d86802518ee3f8c9b97f32c147cb507f.exe
Size

164KB
MD5

d86802518ee3f8c9b97f32c147cb507f
SHA1

4f36f3b858f36a9ac036331b7772f4e177223142
SHA256

f72f4bc4d6f6ad8930bbb8b6dac898bdd9dc78fbf08ef8e11f50cfaa6fed5460
SHA512

3d8e0956a279d6c0f00b8154139b993bd111fdb1864ce1c9b161d1fb4cc6fd223fb239e8cce4b7067bece6362daf1f07551c3461e8b1dfd3b07c315ad750e06c
SSDEEP

3072:1u6PxIiDANRcbgbntDbgbnticLyelLA/IotqFH5bgbnto2SbgbntmBf2vURC4:1uRCyibSxbSYQVUQhbSOfbS4QgR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d86802518ee3f8c9b97f32c147cb507f.exe
unpack001/out.upx

Files

d86802518ee3f8c9b97f32c147cb507f.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE