fb2f1c46a173b628dd727defe5001492e7a8aa8b93082e4341b5491aa5179591 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb2f1c46a173b628dd727defe5001492e7a8aa8b93082e4341b5491aa5179591
Size

119KB
MD5

ae86540f094606defed5bcb5fd02e73d
SHA1

40bc6329575da6822a313e788d68539d8ef72389
SHA256

fb2f1c46a173b628dd727defe5001492e7a8aa8b93082e4341b5491aa5179591
SHA512

1a1684b84272fb6954a92b5c40da8ea403f23cf653fc2f9b98f902081d193a5b0e6852f79b1e1adb084a0c5e43d5d067ff3d80ddcbecc5ccc9345c3c7129b553
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8c9hTmXadjUSbcDemTPAZk+cLtdNlb9PfESDOay2:KQSoL6W2QZwKS7R

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
fb2f1c46a173b628dd727defe5001492e7a8aa8b93082e4341b5491aa5179591
unpack001/out.upx

Files

fb2f1c46a173b628dd727defe5001492e7a8aa8b93082e4341b5491aa5179591
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ