29c05fd13accde0d7f8170dff1edcea7dace310d39b92f16591086aa7dc00755 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29c05fd13accde0d7f8170dff1edcea7dace310d39b92f16591086aa7dc00755
Size

399KB
MD5

fcdd479c8c126f8af0724d9f5d260cb5
SHA1

dd404ca322b4507fab4d2355d8b8b9b221da82c0
SHA256

29c05fd13accde0d7f8170dff1edcea7dace310d39b92f16591086aa7dc00755
SHA512

3e4eb9652b44a91d6b19b24cbdaa74ca1fe56823bcb264f91770ddb457888757b4b00ce57dc6679d728d8892707d8d3ea93fdf2c4794b18e602da2bab9482f58
SSDEEP

6144:fEY8HkyDxIk4eaO+czagGFFgPm9UPs5E8uUF17PXKbt6+c5zn:d8HPlITczag1u9MgEnK1L4t1cp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
29c05fd13accde0d7f8170dff1edcea7dace310d39b92f16591086aa7dc00755
unpack001/out.upx

Files

29c05fd13accde0d7f8170dff1edcea7dace310d39b92f16591086aa7dc00755
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 440KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 377KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ