d638dec70c05b2b02cc76414378ed7657e7ed1bc972a365044c3ec4e4f2617e5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d638dec70c05b2b02cc76414378ed7657e7ed1bc972a365044c3ec4e4f2617e5
Size

66KB
MD5

9a2408b9d763e997ca3b67184417ada8
SHA1

746bc14a2578be9c6c071f9a82248815536b480a
SHA256

d638dec70c05b2b02cc76414378ed7657e7ed1bc972a365044c3ec4e4f2617e5
SHA512

ae76254745aa6efbb695198826255005d4b63e70f3f5c8dfb836c6a36742f233b6e058aafd387f5a321f48b8bff14a49de75329674fecdde7f7667c79d9d32a2
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zx5CJzVe/0A7:KQSo4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d638dec70c05b2b02cc76414378ed7657e7ed1bc972a365044c3ec4e4f2617e5
unpack001/out.upx

Files

d638dec70c05b2b02cc76414378ed7657e7ed1bc972a365044c3ec4e4f2617e5
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ