76072b0e5bbd6dc365b38637268918bf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76072b0e5bbd6dc365b38637268918bf
Size

80KB
MD5

76072b0e5bbd6dc365b38637268918bf
SHA1

d842112a48d78304c1a74475c6637c31f8ed7ffd
SHA256

adf56d3880e03e3041d3f131456832ecc3d0d887aed077910ffd90fe211dc08b
SHA512

5dca5c2ea947eeac6e4cc716a6c994c4c5ad516af92fb376932b11e622c5c7766a4e77eedc5abe94e162af5b5bde6a711ad82b3cbbef7b1bfc7374e7c7505062
SSDEEP

1536:hG78q09F1mgbQipW7+0QG0bPSlzbycf7Fbf8iEWyppek7yp1pA9:hUdMAIMqG0baBbNFfzEWol+p1+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
76072b0e5bbd6dc365b38637268918bf
unpack001/out.upx

Files

76072b0e5bbd6dc365b38637268918bf
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE