d48b0d2b50d1c44ab14d794ea75fdf52 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d48b0d2b50d1c44ab14d794ea75fdf52
Size

90KB
MD5

d48b0d2b50d1c44ab14d794ea75fdf52
SHA1

00409e7d0ba299016e707e7e1c2cc98b15cef729
SHA256

e5d502b87a83b2d7d8f2d2d3b3c3ed7688cc323b32f2d513ab3ff2571a73e7a2
SHA512

0e3828ac09ac32cbb5bf3ebb720ef7f8f561c00979cbbc0c4ec47d3fd8425b5e40d3bf4d82424e1253f5d6d83f2d406d491d67ce159e9c6e2dbaee0afe762939
SSDEEP

1536:LlRb99zDESzAOmw39a9fSNToENskuTZP50z+YVsTPTgfsQjRzUtWUKv3vmY+bbET:ZZ99zDFMO3KfSNTRNslZPE1sXgBjh5Un

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d48b0d2b50d1c44ab14d794ea75fdf52
unpack001/out.upx

Files

d48b0d2b50d1c44ab14d794ea75fdf52
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE