43b8cf7851daf6e3b5702338586b1507 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43b8cf7851daf6e3b5702338586b1507
Size

12KB
MD5

43b8cf7851daf6e3b5702338586b1507
SHA1

13bbf067c7205676d3f02748318a31daada6e193
SHA256

29a8e92c57e83f9b8b6fbcbedca07750a4f34f48ce447017acb9d673c45003c3
SHA512

ac4e2583ac64c166c66d61dc60a0e71e906bd2ae524dee6a98b6e190abbb67c461f83a5398b1896f7cd3a77442f84f543f3581d70284fd81b238d36b96f0bbb1
SSDEEP

192:dy8Fwxg51lu2kGYyHNGwPrGK91JOgSzHAHzBVR9rsGvvJ2BLLWO7Zhj:4sLuVGYSTTv0gGAzBVR9rLvR2BWyZhj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43b8cf7851daf6e3b5702338586b1507

Files

43b8cf7851daf6e3b5702338586b1507
.exe windows:1 windows x86 arch:x86

67fdc237b514ec9fab9c4500917eb60f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1st
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE