54bab112de0c8b643892d66eca3a5d3df2fba6d3686ffe513473c5ea5f9fc270 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54bab112de0c8b643892d66eca3a5d3df2fba6d3686ffe513473c5ea5f9fc270
Size

218KB
MD5

4e91c2072e111fdfc3f870735ee3be53
SHA1

0fb4ebad6876d76493b50ad7c14addae0091ea75
SHA256

54bab112de0c8b643892d66eca3a5d3df2fba6d3686ffe513473c5ea5f9fc270
SHA512

8eabf1031b80b43b55fb58d27efefc36161e5e31d4e52e53f7dec6fc5e3afc81efb2735603ac2e8386a011525de66f26fc6b20e90af4fe5d4bc3859d636b5236
SSDEEP

6144:mgSL8f1gkSinOkAvlEJfD05kXp74MnsWPQbIhinP:L9TSiODvlwdpDnRominP

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
54bab112de0c8b643892d66eca3a5d3df2fba6d3686ffe513473c5ea5f9fc270
unpack001/out.upx

Files

54bab112de0c8b643892d66eca3a5d3df2fba6d3686ffe513473c5ea5f9fc270
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ