bcbad47d380a3b7f98852751fb4461cf8a5090114c7d0337ad07bf2e3718aac4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bcbad47d380a3b7f98852751fb4461cf8a5090114c7d0337ad07bf2e3718aac4
Size

5.0MB
MD5

492d22e5298342b2d011d3f1876203b6
SHA1

2c157822376b790cecdbd0c37ef5b7762e0aa781
SHA256

bcbad47d380a3b7f98852751fb4461cf8a5090114c7d0337ad07bf2e3718aac4
SHA512

d3507e727fb2546d5a437d8d092cfb1ddd0a9d2ed21faac37403698afe5c24b2107c57d95be782f0231b0d22ece068b1a9beccd52eaf92c41ffc93114b5be059
SSDEEP

98304:M8uUbnkLfXg3xotRUq3mVUQSGnUy8Cvfw8nAWaMzrhhzsvm+CLdmyEdoX91r4nRH:7uSxoMr7nUQwGAGonO6cD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bcbad47d380a3b7f98852751fb4461cf8a5090114c7d0337ad07bf2e3718aac4
unpack001/out.upx

Files

bcbad47d380a3b7f98852751fb4461cf8a5090114c7d0337ad07bf2e3718aac4
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mtmd
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mtmd
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ