f8a54c7e21f44180fec6ea04d2b63ce20185f5c5009e6e7a3983b67678866788 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f8a54c7e21f44180fec6ea04d2b63ce20185f5c5009e6e7a3983b67678866788
Size

108KB
MD5

3c07c8aeb9c80c0da467c298868fc1d0
SHA1

30ed1c9028f8e0c9f57e052589931484b1c32ebe
SHA256

f8a54c7e21f44180fec6ea04d2b63ce20185f5c5009e6e7a3983b67678866788
SHA512

24a7c7bac6066cf3c08c4572795a6cc9e083eef3ba1c431e42f3215a18621a565d0ccc0da275677981454ff6aef62ee6701503132337b6c92ce94b301b7e0a80
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf0x8:hfAIuZAIuYSMjoqtMHfhfd

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
f8a54c7e21f44180fec6ea04d2b63ce20185f5c5009e6e7a3983b67678866788
unpack001/out.upx

Files

f8a54c7e21f44180fec6ea04d2b63ce20185f5c5009e6e7a3983b67678866788
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ