4c68f5daf0049c9ea9a356cc36ed62d1546d98dcc6e3a596a890a5bb9a53afb8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c68f5daf0049c9ea9a356cc36ed62d1546d98dcc6e3a596a890a5bb9a53afb8
Size

17.5MB
MD5

4a8a663d8cfc3c0884df48b1925d1867
SHA1

009b72b188c9f37c0408866a1d215418beb7ea16
SHA256

4c68f5daf0049c9ea9a356cc36ed62d1546d98dcc6e3a596a890a5bb9a53afb8
SHA512

ee27a790be7163438d0f31d9f5f54d593bd06f18eb613808526bcf3c9478203bde84591f23597a2697e630ce402d78bacb58f1fd760a77c92b2cd21aee198e80
SSDEEP

393216:wP3skVtA6D9Mexm3dkpjoxIYEtPa7dHgdzQDWz4:8fAYFVuxI19+2dzQWz4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4c68f5daf0049c9ea9a356cc36ed62d1546d98dcc6e3a596a890a5bb9a53afb8
unpack001/out.upx

Files

4c68f5daf0049c9ea9a356cc36ed62d1546d98dcc6e3a596a890a5bb9a53afb8
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ