d6ec041f399dbf318a02a0551ae27b2f42d9444050f6b2b932bd5255f41a14ff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6ec041f399dbf318a02a0551ae27b2f42d9444050f6b2b932bd5255f41a14ff
Size

120KB
MD5

101f6a21bab845cdd59f4726986eab2b
SHA1

31c70ba92427da09f605122f74f2d4cf8f6c2c3b
SHA256

d6ec041f399dbf318a02a0551ae27b2f42d9444050f6b2b932bd5255f41a14ff
SHA512

60742386a7864bfe4de9d53ff6a2120d4f2f7aabd76381fdbff24a3df7a5c5e54355ca8a2feefb9e9ac033b1b0484083ce0910157571d17deb82085a499370b1
SSDEEP

3072:hfAIuZAIuYSMjoqtMHfhflixibEWzVNOx0ypIzIu73mYdE9d3s9XL7EWzVNOx0y6:hfAIuZAIuDMVtM/n

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d6ec041f399dbf318a02a0551ae27b2f42d9444050f6b2b932bd5255f41a14ff
unpack001/out.upx

Files

d6ec041f399dbf318a02a0551ae27b2f42d9444050f6b2b932bd5255f41a14ff
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ