15bc022e2c28490351e77eec7ead91ed8f204809e29d674b9a31e6f87f838210 | Triage

Sharing

General

Target

15bc022e2c28490351e77eec7ead91ed8f204809e29d674b9a31e6f87f838210
Size

8.6MB
MD5

ccce822710604eadb996f6fc20f73a13
SHA1

8a101244130b445d76df89705ab8d7f3eb37fa03
SHA256

15bc022e2c28490351e77eec7ead91ed8f204809e29d674b9a31e6f87f838210
SHA512

40f7a3b3f50bad321ef6596c850ab196da8d2aea8fc3520a6517212f9faeb2068b5a6d9e6cd938e5e4d1c07ea39db1f7fcfc53c4fadc3cc20035c2e4fa52abb0
SSDEEP

196608:l+IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII2:l3

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

Processes:

resource yara_rule

sample UPX
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
15bc022e2c28490351e77eec7ead91ed8f204809e29d674b9a31e6f87f838210
unpack001/out.upx

Files

15bc022e2c28490351e77eec7ead91ed8f204809e29d674b9a31e6f87f838210
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 24KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE