bab287f907b7d1b06b0cdb404e4e07880d1907697879618f5ee525c953a2a4a9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bab287f907b7d1b06b0cdb404e4e07880d1907697879618f5ee525c953a2a4a9
Size

283KB
MD5

860c147c82b143331e247814e28e96c9
SHA1

6a34a168c4748b690d3fb957f26e99c3638c84b3
SHA256

bab287f907b7d1b06b0cdb404e4e07880d1907697879618f5ee525c953a2a4a9
SHA512

a7ec273b9c053ee1bf9010eca675b55c38bb1c3f418dadd8d0cd28ab6a1ec2cb64dcc8ea189f8d1159f70db16e1d780838aaf3ec166b4c7e9ea7cb227ce5f1d2
SSDEEP

6144:+gHX5BGeyzxxWf26TUQ9NwWlIaLhjgWzDT2+Sb:+gHX58NxWPX9NwWqaVj6N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bab287f907b7d1b06b0cdb404e4e07880d1907697879618f5ee525c953a2a4a9

Files

bab287f907b7d1b06b0cdb404e4e07880d1907697879618f5ee525c953a2a4a9
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE