bd257563b4ce4bfe7be65832d5c6542d | Triage

Sharing

General

Target

bd257563b4ce4bfe7be65832d5c6542d
Size

18KB
MD5

bd257563b4ce4bfe7be65832d5c6542d
SHA1

0808d0cc3b85197693e3e4ba3734964fae27c7cf
SHA256

ca8e33afe3a9d13f632a51cff3638a5c1192cdf6ec0178d09fb92b115f024947
SHA512

8817bb396c69d4ab25f433b551895e274e376112c91a51bcd7a66b0589382e6be457873bdb33fd97937ebda9239cfbf6036238c9db62d4166d0507d6e1e98d5a
SSDEEP

384:YaToxkB7ackZDdRrRLZ7ONm8422AQOHFY9KShPHixHVRAi7flShSSP:dR+jP9ZSTr2klmExtS9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bd257563b4ce4bfe7be65832d5c6542d
unpack001/out.upx

Files

bd257563b4ce4bfe7be65832d5c6542d
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

HHHH
InstallService
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode
UUUU

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ