c0f9f41424e4d9225d8b664cc068f7b60d01fcd81a36279a7c2a3cf94284d487 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0f9f41424e4d9225d8b664cc068f7b60d01fcd81a36279a7c2a3cf94284d487
Size

95KB
MD5

4f9fed681d92d319684e2eb1b510c0a0
SHA1

4cfcf06d6620037e3ed7803913bd8d52fc0b6456
SHA256

c0f9f41424e4d9225d8b664cc068f7b60d01fcd81a36279a7c2a3cf94284d487
SHA512

949b44eab8e666d56d5040b01eca7b6853f507fc5d512bad16af8449f581b0919bbe771559c33ca9d722d5a3752e0ba0afa044a9d9467cf4a31d6861e372385f
SSDEEP

768:0Myxpb0l3tnBJ65wGwVkALt+x9bba/it7zyE3w5uw5k4CkWCsuwlNh8JdUJhd9JI:0MeqldBPGw981pyPny8s9GJeJRS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0f9f41424e4d9225d8b664cc068f7b60d01fcd81a36279a7c2a3cf94284d487

Files

c0f9f41424e4d9225d8b664cc068f7b60d01fcd81a36279a7c2a3cf94284d487
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE