426e9e2327f0ab23ef3074d80604d6c41a15ac6d08a6a616611f20dbf2f20211 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

426e9e2327f0ab23ef3074d80604d6c41a15ac6d08a6a616611f20dbf2f20211
Size

40KB
MD5

1f3c84cba84eb52cbc25da59fd13eaf1
SHA1

a230039674eef3d996a5d21dc3c65678d0088f84
SHA256

426e9e2327f0ab23ef3074d80604d6c41a15ac6d08a6a616611f20dbf2f20211
SHA512

0bbf9749119c7071f4833e0c940bff1e3c59b61fde6f25fd3a5d63cf7b0b149038265a94237bea8570bada9482e18b5b8f27c8939c3b229f18cf9b87f637cf37
SSDEEP

384:tv+t/QgBssNSvNSV+EVeFuKk/RetkMHvLYYxXpppppppppppppp7Cv+t/QgBssN6:t2h/EEQ0VKkJedYd2h/EEQ0VKkJedYu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
426e9e2327f0ab23ef3074d80604d6c41a15ac6d08a6a616611f20dbf2f20211
unpack001/out.upx

Files

426e9e2327f0ab23ef3074d80604d6c41a15ac6d08a6a616611f20dbf2f20211
.exe .js windows:1 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 464KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe .js windows:1 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 439KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE