cb15039ecbe2df1b5e748eb83420124fdd16a2a9ce4ca50dc6530f1448923efa | Triage

Sharing

General

Target

cb15039ecbe2df1b5e748eb83420124fdd16a2a9ce4ca50dc6530f1448923efa
Size

9.8MB
MD5

c35d18b47c4fb104d3912f20b3334676
SHA1

7fed632abac0449fadd2cb0680e195b2fd156ed3
SHA256

cb15039ecbe2df1b5e748eb83420124fdd16a2a9ce4ca50dc6530f1448923efa
SHA512

326e4c6bd4a54d381f531edb7295fea53ff1bb98a9844cb15dcf1da7c47c98e2e23bf8815cdb8db633d85ff8be60af6bfb09bb956d6c36e2573dcf58bf2b90c6
SSDEEP

196608:GE8X4eER6vQUCOJL6SPGChxbpHsU4wakYHSDlDIcn+7QE7ludlkDZNBvk9Ts:Ng2xuOeG2SUVrDlscn+cE5urkDZDv1

Score

10^/10

upx

Malware Config

Signatures

Detects executables referencing many IR and analysis tools 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_References_SecTools

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
cb15039ecbe2df1b5e748eb83420124fdd16a2a9ce4ca50dc6530f1448923efa
unpack001/out.upx

Files

cb15039ecbe2df1b5e748eb83420124fdd16a2a9ce4ca50dc6530f1448923efa
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 152KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE