HEUR-Trojan-Downloader[.]Win32[.]Upatre[.]pef-abe4b69c68e665babb5081f5e2f8aa027f745f1840ec02a7335860504cefca3a

General

Target

HEUR-Trojan-Downloader.Win32.Upatre.pef-abe4b69c68e665babb5081f5e2f8aa027f745f1840ec02a7335860504cefca3a
Size

35KB
MD5

f6d27dafbcc2076ec98e43a707d49d7c
SHA1

48fe49cbe648726e7f2469fda19df5e1daf2a9d8
SHA256

abe4b69c68e665babb5081f5e2f8aa027f745f1840ec02a7335860504cefca3a
SHA512

d5f46afbefa989df034533ede573286196abc180f2f75c28b856dbc43d62e4a20f6e2e9eaa8c923cc203b7229cde29b8eff4bb65a3a9d5fecdafe33d9502d9d9
SSDEEP

384:kguzjEChqLcBsFNQiviL//U8fYppTfiTfEvkpLutEBa4u+:klAL/vW//pf/f/uUv

Score

10^/10

Detects executables built or packed with MPress PE compressor 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_MPress

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
HEUR-Trojan-Downloader.Win32.Upatre.pef-abe4b69c68e665babb5081f5e2f8aa027f745f1840ec02a7335860504cefca3a