urelas | 4a8d0c692042fcace23a8b9461050ddd | Triage

Sharing

General

Target

4a8d0c692042fcace23a8b9461050ddd
Size

328KB
MD5

4a8d0c692042fcace23a8b9461050ddd
SHA1

b9eb6d038650d33fe9553d4e692e25088113d91f
SHA256

d6d1d6fe4be85a2b54ca97dcb642c53011e5b507eeb13f5c27cfa3c2aa751103
SHA512

f51092c252afb5844b3e7ba4b98aeb7e329a7e05a63504a8e627d3ce2717e9edf73a5e8c218b28d11af5d32a1996e54512588688fa8ddbf29549ec656299f473
SSDEEP

6144:wObaeY8zPekKKH/hT8PVdkLHtA3nPER5oSHzZ4NyM:wOb/KKH/hT8PVdkJA3uoSir

Score

10^/10

upx urelas

Malware Config

Signatures

Urelas family
urelas

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a8d0c692042fcace23a8b9461050ddd

Files

4a8d0c692042fcace23a8b9461050ddd
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 192KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE