35c92e0df8cea952c60f1650e7677c994b7c317441f5169f20d3aaab83ffbfa7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

35c92e0df8cea952c60f1650e7677c994b7c317441f5169f20d3aaab83ffbfa7
Size

43KB
MD5

d63d512a21053e2e6de3feb1f31a1909
SHA1

a507e12a0d83a363a1e63db9db6e95a30b3af9b6
SHA256

35c92e0df8cea952c60f1650e7677c994b7c317441f5169f20d3aaab83ffbfa7
SHA512

66af899c4046a263b815b76c88adda5291907c338434c6a2331410ae92a802d0a5c16c188ad3ee7b3542d51d84019aeab13f40fa1bbf5ad6d1625c2dc4fa0035
SSDEEP

768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBJBT37CPKKdJJcbQbf1Oti1JGBQOOW:CTW7JJZENTBzTW7JJZENTBv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
35c92e0df8cea952c60f1650e7677c994b7c317441f5169f20d3aaab83ffbfa7
unpack001/out.upx

Files

35c92e0df8cea952c60f1650e7677c994b7c317441f5169f20d3aaab83ffbfa7
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ