ade2a4b5e0e7051035326470a8017be414559f0c2ab90e4ef4e4896c0de7b897 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ade2a4b5e0e7051035326470a8017be414559f0c2ab90e4ef4e4896c0de7b897
Size

75KB
MD5

581b5d1321ba06f07edaf1687f8296b1
SHA1

b8b5a942962d18526f9bd710b1439ad662275323
SHA256

ade2a4b5e0e7051035326470a8017be414559f0c2ab90e4ef4e4896c0de7b897
SHA512

37269802ac880e700404f52e06c7b5c7cf290da657fe1fcf237bdd985867bf2d412e0784a5e152e493a24dc5428222e365e88ca0ee37cd4a6a7d370bb5ab6411
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8GOlLDrUp8UT6:KQSorOlLDrUpjT6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ade2a4b5e0e7051035326470a8017be414559f0c2ab90e4ef4e4896c0de7b897
unpack001/out.upx

Files

ade2a4b5e0e7051035326470a8017be414559f0c2ab90e4ef4e4896c0de7b897
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ