702f1eeb619c7d3e8be5831c4efd99a9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

702f1eeb619c7d3e8be5831c4efd99a9
Size

48KB
MD5

702f1eeb619c7d3e8be5831c4efd99a9
SHA1

b9ac830b60360b3289dc76957369f853d1d37966
SHA256

e2e09d9c47cc4375e1fcecb60539f80f7750741af8155dee553c497bac083a3f
SHA512

e585215dae95873285ff8d57ce43c428ff76748b6763c48900c445ca65b0e3833083b043b69d7d70b77d1d6ef0c60f37191e3b3f2b3e71f466ec0eb2d197effa
SSDEEP

768:G49GzLS8dKZgi9UbBEbHh55RIbx9NK3X4RW7E8nsX4lzcmQX2oooDkhAy8g7A3bX:AzL8ZP6bBEzFRqx7y84BcmQX2oooD+A1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
702f1eeb619c7d3e8be5831c4efd99a9
unpack001/out.upx

Files

702f1eeb619c7d3e8be5831c4efd99a9
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ