b6291ab00ecb7aaf1f0a4c859156c658 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6291ab00ecb7aaf1f0a4c859156c658
Size

19KB
MD5

b6291ab00ecb7aaf1f0a4c859156c658
SHA1

6c395c179f7f30977227108f731988c9b3be0ceb
SHA256

1a4a3e5e9e6201eaeda7bae97f730f39c4361d105adbf427e91e37f2687ac285
SHA512

f51ab105b66fbd4fb01883e6c5502b289980442d4c583f0b17a4ed33262c6a744f670f0cf906e59cf6a7ca7956f6efa99b30cde32f67791c487f70e86565d9a4
SSDEEP

384:CcWtMyCsK8lB0t6W4iJuG7I7pr/i0U7cT6JKLvu7vNX:OdCsU4quoINq0eKLvA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Comprovante_Deposito_Efetuado.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Comprovante_Deposito_Efetuado.exe
unpack002/out.upx

Files

b6291ab00ecb7aaf1f0a4c859156c658
.zip
Comprovante_Deposito_Efetuado.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ