a698eb55d61419cb35472e5e05c1520aa5f91439b043079d1f9f6e0edfdc9637 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a698eb55d61419cb35472e5e05c1520aa5f91439b043079d1f9f6e0edfdc9637
Size

272KB
MD5

f70f6e24ace39b088567bd7234140c68
SHA1

f20d3b3fe2478d4e0ac3d4abb12cb54d7e1bf7fa
SHA256

a698eb55d61419cb35472e5e05c1520aa5f91439b043079d1f9f6e0edfdc9637
SHA512

d7e8cf8db8cee911b39416b78ce99eef7d4352dea9c8b52f5df29700f370e1f3dbcec50ca6cfb78f792e9ebaa4092ed3687dc10ae515f04f76cd3c5271080c25
SSDEEP

6144:YoaYT9ykzOBlpp3DY/42GKKAeGQUSouV0:DrJCPJVAeG/Sou

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
a698eb55d61419cb35472e5e05c1520aa5f91439b043079d1f9f6e0edfdc9637
unpack001/out.upx

Files

a698eb55d61419cb35472e5e05c1520aa5f91439b043079d1f9f6e0edfdc9637
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 269KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 456KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE