cb9c32432c25359e85c8ac5ef33c2b62 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cb9c32432c25359e85c8ac5ef33c2b62
Size

91KB
MD5

cb9c32432c25359e85c8ac5ef33c2b62
SHA1

17b0a53664d450236ad0487b7c8b1c50b3f08e20
SHA256

7fc1aae6e5a67b78b5d860f6d2625a6edffff7a15f97df5996a721c20ecde088
SHA512

a6873a03ed52fe994938eb807f2baeadb73c562407eb229c6d8e05be5239e0e111ab3a96ac6cf5b67152307399b1965d68340a07aa579879f51df649b7d40bde
SSDEEP

1536:OkDiuVtcZOy4vaoiD6vYp0A1kOZ6JHqNyP+Yi2kD9mCu3mcNC40iCKDmo58NRs:piuLcZT6ximvwkOUK895cE7m5Vqmoi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
cb9c32432c25359e85c8ac5ef33c2b62
unpack001/out.upx

Files

cb9c32432c25359e85c8ac5ef33c2b62
.dll windows:1 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:1 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.flat
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ