4db34a67d51b075210723b64d8da77fee5a9467f9c900b886283702c814abf64 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4db34a67d51b075210723b64d8da77fee5a9467f9c900b886283702c814abf64
Size

35KB
MD5

6b2b08afe36d702970a09ed209ac4afd
SHA1

a85bcb2357ec2736672db1d6e75e847af197665d
SHA256

4db34a67d51b075210723b64d8da77fee5a9467f9c900b886283702c814abf64
SHA512

482f00615027b3c40bc1b3c6ad197f220b257caadd60043b67991a4df1682bad79c9d2056a51578d3fb75ce5c2d2c8c83e3100c48a65949de0288af73fab38be
SSDEEP

768:tYOU95Hpq/r5AKCQtPZu2RKIh4XVewCZ5fxlmTAmIvg2fLVU7zPxoN:qX3q/zT77m13s

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
4db34a67d51b075210723b64d8da77fee5a9467f9c900b886283702c814abf64
unpack001/out.upx

Files

4db34a67d51b075210723b64d8da77fee5a9467f9c900b886283702c814abf64
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ