71dbe1d490fa8139cd75eb66dabebe29ce15f0dbfe2a28161748c1aba4e7dba9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71dbe1d490fa8139cd75eb66dabebe29ce15f0dbfe2a28161748c1aba4e7dba9
Size

2.1MB
MD5

12a22bf076109c1228344e062856330d
SHA1

b3292715c756d7103c5c72762b04a7d19bfb0c49
SHA256

71dbe1d490fa8139cd75eb66dabebe29ce15f0dbfe2a28161748c1aba4e7dba9
SHA512

c9519636cef21b463681f4152394fb367e070fcc6a7f32c5dc2cdf814c30cc2e462fd532b901dbdc9188a3617b8c13d285287d6ca9df70f753a81fe4b7bf92b6
SSDEEP

49152:5SMSj1G723AKDK1KObNlfnhr23xhNYhjdzZ0XSWrSaNXKp:5+G7JeKhhlhr23xHYbzEea6

Score

9^/10

upx oss_ak

Malware Config

Signatures

detect oss ak 1 IoCs

oss ak information detected.

resource	yara_rule
static1/unpack001/out.upx	detect_ak_stuff

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
71dbe1d490fa8139cd75eb66dabebe29ce15f0dbfe2a28161748c1aba4e7dba9
unpack001/out.upx

Files

71dbe1d490fa8139cd75eb66dabebe29ce15f0dbfe2a28161748c1aba4e7dba9
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_Scintilla_DirectFunction@16

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ