e584a4a012e6265435c6dc3b920d3505bb0f852d544ad01b62dda09c97d0f67f | Triage

Sharing

General

Target

e584a4a012e6265435c6dc3b920d3505bb0f852d544ad01b62dda09c97d0f67f
Size

29KB
MD5

0b9f052fe6198b4ef937e574381ca2f2
SHA1

a29c360e4ced49a5820366dd0f387e28f9706711
SHA256

e584a4a012e6265435c6dc3b920d3505bb0f852d544ad01b62dda09c97d0f67f
SHA512

6bc4c98035aadb19e54250dcf7797e72a66c580a1d87e225805b11c1c19cb1bc7e50cc061657a10b3ffbe7011d783fa262220c63de1237840ece93de83532dd1
SSDEEP

384:BCFBJ+AnI5p3dZ4C7HdYwR0MrOk0WSlf2LZK3LsbWoXnKDjD228MD9ipDekL0:kFSl5dnYY7qk0nlfeKoSAnKDWMDQ+

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e584a4a012e6265435c6dc3b920d3505bb0f852d544ad01b62dda09c97d0f67f
unpack001/out.upx

Files

e584a4a012e6265435c6dc3b920d3505bb0f852d544ad01b62dda09c97d0f67f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 493B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ