0ffb8b6c69d7d5d43e8d0025b92a76747abad4ccf8b9196ec31f18ff813e59c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ffb8b6c69d7d5d43e8d0025b92a76747abad4ccf8b9196ec31f18ff813e59c8
Size

22KB
MD5

cf3706e7ee566b314724e643055d2d3c
SHA1

6ec7b7c112b9ef75182fe806e0d02530df92c6c9
SHA256

0ffb8b6c69d7d5d43e8d0025b92a76747abad4ccf8b9196ec31f18ff813e59c8
SHA512

ee83dc2b898cf2624fe5116f536134073aecb4eeb3806bc101f4f79143b6618e50307d530b3f61c445352e652200a053dc8dd4ceb5ec6275fc12036444590b0c
SSDEEP

384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvX8Mb7a6Trsj:rRkiLw3HsDSARGG/MMb7rfE

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0ffb8b6c69d7d5d43e8d0025b92a76747abad4ccf8b9196ec31f18ff813e59c8
unpack001/out.upx

Files

0ffb8b6c69d7d5d43e8d0025b92a76747abad4ccf8b9196ec31f18ff813e59c8
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 265B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 768B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE