389828c9e876998e8f788d6eebc8fb238d4a8fb63058e553def66ddbad759d80 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

389828c9e876998e8f788d6eebc8fb238d4a8fb63058e553def66ddbad759d80
Size

501KB
MD5

7e240880ccf4969f77f383959cc09353
SHA1

478c09434d496c29efd138ebb7432674106c8248
SHA256

389828c9e876998e8f788d6eebc8fb238d4a8fb63058e553def66ddbad759d80
SHA512

52daf12946f1dd65fbbbd0cec1e1f5cba3b39f0a9254fbf7a4de48983cb5a0a376286e55596149ffbcb42d9678443acd694b3c091ebee44d36fed3fda9fe611d
SSDEEP

12288:R7xE2BV5fHgcg5kvmRshmzmQ48rEmGcwAPCZqqiziQCt:TDH1gCmshy4euCCZ1ixU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
389828c9e876998e8f788d6eebc8fb238d4a8fb63058e553def66ddbad759d80
unpack001/out.upx

Files

389828c9e876998e8f788d6eebc8fb238d4a8fb63058e553def66ddbad759d80
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 708KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 498KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ