863c0869c2609e33c6b7e29d52965f605f22f3cfb0fa5c7a42e9e0ad14e20b0b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

863c0869c2609e33c6b7e29d52965f605f22f3cfb0fa5c7a42e9e0ad14e20b0b
Size

205KB
MD5

51c9c32db5caa3f2cc7a681789ed020b
SHA1

be2b450b17cb45edd824dea131397470b9badce9
SHA256

863c0869c2609e33c6b7e29d52965f605f22f3cfb0fa5c7a42e9e0ad14e20b0b
SHA512

ffaca635201156850f52f3adb7f8547906610a982987282ea73da212c307aa676b5f373a95a9d86e1b196a421a33d193523d3a3d8fadcdd2664801cf78657395
SSDEEP

6144:hfAIuZAIuDMVtM/XSrfAIuZAIuDMVtM/XS3y9:ZAIuZAIuOYSDAIuZAIuOYS3y9

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
863c0869c2609e33c6b7e29d52965f605f22f3cfb0fa5c7a42e9e0ad14e20b0b
unpack001/out.upx

Files

863c0869c2609e33c6b7e29d52965f605f22f3cfb0fa5c7a42e9e0ad14e20b0b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ