42c8b4bbf1d89835f2b2eb463e2c6a8e0292a16afd8552a83c99c568c29885b5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42c8b4bbf1d89835f2b2eb463e2c6a8e0292a16afd8552a83c99c568c29885b5
Size

88KB
MD5

91453536a7cc99099d3fa3e11b2e2ea9
SHA1

1780c2178b8e3383b2fd36b27d6466187bbf007e
SHA256

42c8b4bbf1d89835f2b2eb463e2c6a8e0292a16afd8552a83c99c568c29885b5
SHA512

10db1fd93e493a9a26972d2a3620d7f0eb1071675f410e4c55c87568ef0f15588760f3fabf3ea4bdd6caae64fc05c3abf83bb34765a0661de0425a86bcefcbf2
SSDEEP

1536:CTW7JJ7Th+oTQbmMSIBSFHQi8bLRCw/UnElCD+kffteA05vCfFk/cs2/w+0Yomxk:hN+ocbmMSIBSFHQi8bLRCw/UnElCD+ky

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
42c8b4bbf1d89835f2b2eb463e2c6a8e0292a16afd8552a83c99c568c29885b5
unpack001/out.upx

Files

42c8b4bbf1d89835f2b2eb463e2c6a8e0292a16afd8552a83c99c568c29885b5
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ