urelas | 808c54e52e59237255aff6d34511a760N[.]exe | Triage

Sharing

General

Target

808c54e52e59237255aff6d34511a760N.exe
Size

558KB
MD5

808c54e52e59237255aff6d34511a760
SHA1

b3676f18e81917f753e202e483c0b9fb8533d2ec
SHA256

bd6338278e91a2f1c3ee4857c69899640d897a120ae9764759fc9ad2c8b9b78d
SHA512

da396174fb2ddeb2d6b04120cb5f34d09acb75a056a048a387f6e718ff98edf9f060567b219123aef4518a5baedf9d3e6fdc8a7afe8ffbeefb9d6f934e3749e0
SSDEEP

12288:zccNvdRExZGe+Q1nSoS++43x+l7QLiaEy9:znPfQp9L3olqF9

Score

10^/10

upx urelas

Malware Config

Signatures

Urelas family
urelas

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
808c54e52e59237255aff6d34511a760N.exe

Files

808c54e52e59237255aff6d34511a760N.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 229KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE