99c18abc9774f9bc8aae3c9226e0b1b1ba96e188ab454c9bf95ae7d7093b4b57 | Triage

Sharing

General

Target

99c18abc9774f9bc8aae3c9226e0b1b1ba96e188ab454c9bf95ae7d7093b4b57
Size

726KB
MD5

dd798a2b8fb0daf3b91fde8a450b873d
SHA1

6ae9d6ba1d4a4df1c19f76beb66f1cf067bde143
SHA256

99c18abc9774f9bc8aae3c9226e0b1b1ba96e188ab454c9bf95ae7d7093b4b57
SHA512

cef0a5895f57f98cd24dcc22d1693b1e8695b479daa35e7b59d03c5b4faa586e8e612db068d7414cd0dd9b5d64fdd48c04d68168d86a17caf12a2f1037f38a60
SSDEEP

12288:j0MDDRwl9uWD44DiV8zJBzYqXbbhwnH7BmF2ppVgcAVq0+A0x6y5DP:j9S9X04OVEBzYqXbCH7BmupVgFVq0oxJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
99c18abc9774f9bc8aae3c9226e0b1b1ba96e188ab454c9bf95ae7d7093b4b57
unpack001/out.upx

Files

99c18abc9774f9bc8aae3c9226e0b1b1ba96e188ab454c9bf95ae7d7093b4b57
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 701KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 588KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ