app[.]exe | Triage

Sharing

General

Target

app.exe
Size

4.1MB
MD5

ab520bbdbd7a2a502a344ca9f67bce37
SHA1

abb4439bf9bbffba2f77cdf6df4319c8a75847e2
SHA256

29a6578670ab4f4c849c2088a623956b385edc30fa0544e66eb8fcfb72235303
SHA512

7d3a034864a8a1b6050d4a8a14e1c2133f332f590ce80e91a6dab8f808c1d521cd7c6751c76d719fdbbf76bb85cf880f9c7aae06d70b2905fea903ecfd497263
SSDEEP

98304:QmXjv2Ji2gAtldkORGxM3RpTYTp3ARyDTlLTmt0JqJDaszYhmAWKikHhTiqyz:J5knQxMvT0UiVTmt0JYD9zYhmAWKii1u

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
app.exe

Files

app.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 10.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE