7fafb4d3de05826b59e783c22159cdaf | Triage

Sharing

General

Target

7fafb4d3de05826b59e783c22159cdaf
Size

86KB
MD5

7fafb4d3de05826b59e783c22159cdaf
SHA1

c51c23cf69531357aa2285a026592377140de6d6
SHA256

115ad2ecfddd41414319f8eda9c6a6b0130052911cb57ed26acc462ebba6132d
SHA512

ce572ed1d852bba1b421c0bdabab16c8d0d63fa395a82dc10c70eee525d434371cc23d4b1dd455ade9da16011ead3aad8dd49c8477eaa6981f7249aa1e28dcce
SSDEEP

1536:VudGEM+ddIPKQC9oyvZIn12Fah203UgwI8nq07LQ0fPfFbBOL40Xv5xO9k8V2H2m:VuDdd/v9oEen12FasgwIqq07U0fPRx05

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
7fafb4d3de05826b59e783c22159cdaf
unpack001/out.upx

Files

7fafb4d3de05826b59e783c22159cdaf
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ