0a013ee1a00b6184cce10803a951f4228ab7d30f3291ffb87b6ca8690a6f6b9a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a013ee1a00b6184cce10803a951f4228ab7d30f3291ffb87b6ca8690a6f6b9a
Size

377KB
MD5

c7a1a6d6fdf533fb4bca7b28486c62e1
SHA1

a3899bb3bc5c1459080baace04c732eee94e7a93
SHA256

0a013ee1a00b6184cce10803a951f4228ab7d30f3291ffb87b6ca8690a6f6b9a
SHA512

671206fb165faed006a04f8a32e134b854a999e7ca7a039f0ce4cea9a396faa008b22b10881b53b5bdf1cceacaa2838b401f7ec7e183a234146924510681b6c9
SSDEEP

6144:hUft/HNHOFmpMo9159ZW3wX3MmIZ2WnfQ+xEVxf/prGaxLSQLbwmwfO/3VTqDSe:2vHOmh9159ZWAnMmc2ufNETXLxLSEcz1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0a013ee1a00b6184cce10803a951f4228ab7d30f3291ffb87b6ca8690a6f6b9a
unpack001/out.upx

Files

0a013ee1a00b6184cce10803a951f4228ab7d30f3291ffb87b6ca8690a6f6b9a
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ