d87aaf9bdd16b534d3b1c8155a5b3a4e53bb51bdf939f75224da008b0d2c023a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d87aaf9bdd16b534d3b1c8155a5b3a4e53bb51bdf939f75224da008b0d2c023a
Size

590KB
MD5

2143dae394fcb405a070fd35330c291f
SHA1

2c1122f4aaac702661657f135efd2246a3ea0f3e
SHA256

d87aaf9bdd16b534d3b1c8155a5b3a4e53bb51bdf939f75224da008b0d2c023a
SHA512

cb831c0a54fd1551224b7eba4e79c0f5e25864e79ab92eb180908ba5579a558db84bc27ebe98de453cbe05bb4e73ce51cafe4cfc2ab6a75bd57784a37013ce96
SSDEEP

12288:htuAvh+N9Vrhqek8/zTKm7wk6GI1xhJbGUDktAuAplg5WhrdV9yi1:jhhqX7TKTk65DhJbStA5plg5WbTyi1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
d87aaf9bdd16b534d3b1c8155a5b3a4e53bb51bdf939f75224da008b0d2c023a
unpack001/out.upx

Files

d87aaf9bdd16b534d3b1c8155a5b3a4e53bb51bdf939f75224da008b0d2c023a
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ