9831dd957dc4cf5cd79d25078d7dba4a | Triage

Sharing

General

Target

9831dd957dc4cf5cd79d25078d7dba4a
Size

74KB
MD5

9831dd957dc4cf5cd79d25078d7dba4a
SHA1

e0226c71d7fcee98ab18bd747755dde0d5f16835
SHA256

2ad60b01567f835fb00f4011fe07d456533946caf290eadeacf33c9d7c950508
SHA512

842f2ee386c71ee9d9838b59c6b1fe02ca5232b58c4e0605928965f88df4b761044dd159da2fc0411b526eb9c9df25d3b57f0b9034163371a2b62d53ee6f823b
SSDEEP

1536:UHkR+6drKzpljMXNEQOCMAA5FR9cpbeMqd95e+d+z7TNXijHY5pO6H:FR+EEM9Nw9c1e9e+0NXijcO6H

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
9831dd957dc4cf5cd79d25078d7dba4a
unpack001/out.upx

Files

9831dd957dc4cf5cd79d25078d7dba4a
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ