bd2c7c4b1e273bad07ce7da4ab875c2e | Triage

Sharing

General

Target

bd2c7c4b1e273bad07ce7da4ab875c2e
Size

1.8MB
MD5

bd2c7c4b1e273bad07ce7da4ab875c2e
SHA1

0bc061a2d203612af43a32688eaa8915ee98d4b2
SHA256

2e55584d34736066a648cfc5225a99aff44c66b78a723778d08f5c5b6f495809
SHA512

c105abe8287737433c9bd7fd98dfd481b3af24aee263eb8b4e55a00d27102a13416b3cca6a6ae3853340dda2211b6b9c28940f24766d0187ea8e3d6d5c6fae0d
SSDEEP

49152:5//ogjOZwoU3Xp/G7wp0C1B33UJN5+H8PIJS9expE3pgdyuX:5XogiZwoUHEwpzB33UJN5+HmIE9Ppgoq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bd2c7c4b1e273bad07ce7da4ab875c2e
unpack001/out.upx

Files

bd2c7c4b1e273bad07ce7da4ab875c2e
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 880KB - Virtual size: 879KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ