3897202f5aa94cc4b763056f1b4df3df6a27af8b7bf87e8f81b6e8cd7aed95f6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3897202f5aa94cc4b763056f1b4df3df6a27af8b7bf87e8f81b6e8cd7aed95f6
Size

6KB
MD5

8f7e26469d4a00136c0b76e6249ce684
SHA1

306253876e2b5b6e382f86d17982ef6c5046cf42
SHA256

3897202f5aa94cc4b763056f1b4df3df6a27af8b7bf87e8f81b6e8cd7aed95f6
SHA512

89d68294e35ffadb644bf118d3f8b61a0dcac2e6c17baf8fc2914210645fceaeeb0d1790b4faa1e0451793d01a70fde7ccfc7bc66c7cec0ab8a729c9f443c1ae
SSDEEP

96:Z2dE+Yn5c0uwah8heMsgTu/X1nrjSguWvHM4u0AI772FM6Q:d+qK4ahAj2BjFJHALIXZ6Q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3897202f5aa94cc4b763056f1b4df3df6a27af8b7bf87e8f81b6e8cd7aed95f6
unpack001/out.upx

Files

3897202f5aa94cc4b763056f1b4df3df6a27af8b7bf87e8f81b6e8cd7aed95f6
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fs
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ