238aeec063e0edab2e47f7971298490c00ba200bfa6fe30868730f833ca323f2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

238aeec063e0edab2e47f7971298490c00ba200bfa6fe30868730f833ca323f2
Size

66KB
MD5

097280c4f0e6255fe6d7a93af8a18ffc
SHA1

03d2f84f7fa3eb3d8aae7283843cacf1e836867b
SHA256

238aeec063e0edab2e47f7971298490c00ba200bfa6fe30868730f833ca323f2
SHA512

74ca17a15d48c0be1e3bbf4233242f3ee31940b26430f313b92d06740e7d3377049784d30885b818ce63283390771b402f72b010446cf5f558ef3bf026e02bf9
SSDEEP

1536:B7OE59Vyzrc8K3WgFtKhJP+tcrVOXKzaJThZfaKhQiSEKNJ:xV5998K3WQ8fjEXKgZfnhfxu

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
238aeec063e0edab2e47f7971298490c00ba200bfa6fe30868730f833ca323f2
unpack001/out.upx

Files

238aeec063e0edab2e47f7971298490c00ba200bfa6fe30868730f833ca323f2
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pb
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE