ab44e4bcc0404c3408341bbb601498b8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab44e4bcc0404c3408341bbb601498b8
Size

813KB
MD5

ab44e4bcc0404c3408341bbb601498b8
SHA1

ebec3824260a7b9c83c1fa6dece758d0855d7975
SHA256

2bd25ac35cfad536babfcfa68cad56af8773ca60277574cf4b5115a749da7b1f
SHA512

0a775a7508e9fcb0389729ac3b8d590dc0d2582af78ad62a4eb1a0b7189161a4aa642bcb777f9d9bb42c6019173988677d2e217f680fd4d1dbc211d9b9075fc5
SSDEEP

12288:wkm/Dg+KvXXzKg3mLHH2KBz4L71Xkmp99icky4MoFBQDIXS1vsy0Zy:6/UvzMHBz4/10g9Xky4zBXE0Ny

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ab44e4bcc0404c3408341bbb601498b8
unpack001/out.upx

Files

ab44e4bcc0404c3408341bbb601498b8
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 984KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 760KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 424KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ