784c61340d4ff9ed7b0f2504b624690237cccd0a2c67b0d85977ec4dbc33c9da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

784c61340d4ff9ed7b0f2504b624690237cccd0a2c67b0d85977ec4dbc33c9da
Size

180KB
MD5

1e0b6140e8177eb519fa31576d135962
SHA1

61b4ce05abc3541d882fd25b116f54fe96589385
SHA256

784c61340d4ff9ed7b0f2504b624690237cccd0a2c67b0d85977ec4dbc33c9da
SHA512

c75a510ef3fe49abed384e12d6e5d17cb2d5b638e1120eb2c4e4d872ea319e21f828d16054e0bebd18283362c61de13ccc0eb5e863733b10028f915b2d578089
SSDEEP

3072:hfAIuZAIuYSMjoqtMHfhf+9iMGfUSaOy9SnJUwFU+FUhFUeFUXFUqyqKRrpF6Pwq:hfAIuZAIuDMVtM/49iMGsSaOyih

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
784c61340d4ff9ed7b0f2504b624690237cccd0a2c67b0d85977ec4dbc33c9da
unpack001/out.upx

Files

784c61340d4ff9ed7b0f2504b624690237cccd0a2c67b0d85977ec4dbc33c9da
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ