35a6e5d7e84a39f8e58abb34aea4bc777d0acc6be16aa119298f5e1ea23b652f | Triage

Sharing

General

Target

35a6e5d7e84a39f8e58abb34aea4bc777d0acc6be16aa119298f5e1ea23b652f
Size

2.3MB
MD5

f2f0caafcfa3d2f40df0c7edb69c505b
SHA1

3bf7eab00d1f9dc568081f798618ca3a6b96a552
SHA256

35a6e5d7e84a39f8e58abb34aea4bc777d0acc6be16aa119298f5e1ea23b652f
SHA512

00d1229f3d6eacadaa59991f0411f5b34ac0135d80793da655be9c4907699a31d688d2fd51fde91f520791aade9511d1cbf123443be4a5c19964ecd0a50f7eb5
SSDEEP

49152:wOyECxNSD7m9sFyN+T3U592E1t+w5o1TZRcnQkhwHHNfTHAnEukW8BfUw2Zr:w0ukDCs0KU55t+wC1dRSQkOHZzAnKW8K

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
35a6e5d7e84a39f8e58abb34aea4bc777d0acc6be16aa119298f5e1ea23b652f
unpack001/out.upx

Files

35a6e5d7e84a39f8e58abb34aea4bc777d0acc6be16aa119298f5e1ea23b652f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ