e91f45b49170c98edd4ade2dec7521dc2ca3380b3e1db35fc23697c0bc9d8c31 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e91f45b49170c98edd4ade2dec7521dc2ca3380b3e1db35fc23697c0bc9d8c31
Size

91KB
MD5

20e90a7b8f5debc851c7dde401754e62
SHA1

cc835217e68b856ec4d2dccc04ba63f716f1d273
SHA256

e91f45b49170c98edd4ade2dec7521dc2ca3380b3e1db35fc23697c0bc9d8c31
SHA512

5823257ab919d8384995cbe8f8f3536aa9ef32607066b358bbf170a2d1f3279a6530dee57e6b1dba9a07c4b956dc5fe3008a91f4634b0de2796243bffe7ad122
SSDEEP

1536:yOcjUpkWb2TTgKwuuOcjUpkWb2TTgKwuq:yOcjWJu7tuOcjWJu7tq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e91f45b49170c98edd4ade2dec7521dc2ca3380b3e1db35fc23697c0bc9d8c31
unpack001/out.upx

Files

e91f45b49170c98edd4ade2dec7521dc2ca3380b3e1db35fc23697c0bc9d8c31
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ