6b6a97c83d941e2f66896362020c3b22302a0584bc69870b2ae7e49d93cc96d3

General

Target

6b6a97c83d941e2f66896362020c3b22302a0584bc69870b2ae7e49d93cc96d3
Size

535KB
MD5

0c9488f4f20e5f1bb814b0f4db392fdf
SHA1

5d63eb49ecb00fe9bbf63d9ed858bdd27b348117
SHA256

6b6a97c83d941e2f66896362020c3b22302a0584bc69870b2ae7e49d93cc96d3
SHA512

0b0f1fd86c5328b07944f041b7346e99cdfdd7d3ca51707a403ad3ece9067ce691e3fdefef06dbcb397222c2f583fd8c8113fa71ca145e40d2db9b6b71d56a6d
SSDEEP

12288:9Dd3d9fBIwErRU2WYnbrVIH2cEew8zfaWAlMr6QTA1thEOr98gAb:Rdt9fBIftHOHh5YMOAAjhEgNAb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/09876543.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/09876543.exe
unpack002/out.upx

Files

6b6a97c83d941e2f66896362020c3b22302a0584bc69870b2ae7e49d93cc96d3
.zip
09876543.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 732KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 345KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 732KB

UPX1 Size: 345KB - Virtual size: 348KB

.rsrc Size: 215KB - Virtual size: 216KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 568KB - Virtual size: 567KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 20KB - Virtual size: 35KB

.rsrc Size: 222KB - Virtual size: 222KB

.reloc Size: 28KB - Virtual size: 28KB

UPX0
Size: - Virtual size: 732KB

UPX1
Size: 345KB - Virtual size: 348KB

.rsrc
Size: 215KB - Virtual size: 216KB

.text
Size: 568KB - Virtual size: 567KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 20KB - Virtual size: 35KB

.rsrc
Size: 222KB - Virtual size: 222KB

.reloc
Size: 28KB - Virtual size: 28KB