9a5b4b31f5506d61b54f6b69f293df863956fb10acee7a4010d9c53718a8e356 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9a5b4b31f5506d61b54f6b69f293df863956fb10acee7a4010d9c53718a8e356
Size

475KB
MD5

42198df7f2ea0916ba94a774e3f1f114
SHA1

1bdafd48797c3e164cea367a68933e88c8421bd7
SHA256

9a5b4b31f5506d61b54f6b69f293df863956fb10acee7a4010d9c53718a8e356
SHA512

abd8f623243ade9bfa6555b2ac867bdad7657a3737d57eebcae74a86f9b8370844e8cc0bd9b478e596cd95c69a5518485e1f97dcd164da68af15b99dfd689b3c
SSDEEP

12288:gNrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVjSOsJ/L:gthTiP+ffCfB5Lf0F7Z1EDsVL

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
9a5b4b31f5506d61b54f6b69f293df863956fb10acee7a4010d9c53718a8e356
unpack001/out.upx

Files

9a5b4b31f5506d61b54f6b69f293df863956fb10acee7a4010d9c53718a8e356
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 800KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 436KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 916KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ