22006697f08a2e41b7c4c5905a539a45f2468cef79fd6f64f1eba37c21661c79 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22006697f08a2e41b7c4c5905a539a45f2468cef79fd6f64f1eba37c21661c79
Size

1.5MB
MD5

bc01a6a39b6f600c3e6b39b8a00cdb72
SHA1

2842f84d66cb2c66b344ac64d4f32e083d2b4562
SHA256

22006697f08a2e41b7c4c5905a539a45f2468cef79fd6f64f1eba37c21661c79
SHA512

81da29905960be10d9a3ba1ea9858f297d7c64a611a67962f6fbd9a9089e8c696144c6a9fbbeecfffacc5f71a63b6680b7efef9498d4d89fd6c63cde9e482aef
SSDEEP

49152:n0L+6094ubnhAYEoBnnmk/acmMbUnMU465:n0ip9dbhAS1nj/RmMbUnpH5

Score

10^/10

upx

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	Nirsoft

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
22006697f08a2e41b7c4c5905a539a45f2468cef79fd6f64f1eba37c21661c79
unpack001/out.upx

Files

22006697f08a2e41b7c4c5905a539a45f2468cef79fd6f64f1eba37c21661c79
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.4MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE