8681be04cff6fc5fc75863742cca0dd056084c89acfb97ea96616d244175de73 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8681be04cff6fc5fc75863742cca0dd056084c89acfb97ea96616d244175de73
Size

3.6MB
MD5

16db3b154441a64fdff413f0cfd57549
SHA1

837707018dd1efd9e6f009b2dcf2c9f649f5a1ff
SHA256

8681be04cff6fc5fc75863742cca0dd056084c89acfb97ea96616d244175de73
SHA512

30368b6b7b088c4b1ae530f97af28af1df713367af234bf3338a0f5700797da13f7b5f2bb6fb6cdaa4877bfaa7a61450d1bb8f1adae06fd7f26c93284f67e218
SSDEEP

24576:TsSj+tScZdWS3sVGVyWj4XAB1gGxLKbSe5H27gUX9byX5v1xyZUJyWqsmsWSgfbO:4S6shQ19y3C+oW+RljsRH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8681be04cff6fc5fc75863742cca0dd056084c89acfb97ea96616d244175de73
unpack001/out.upx

Files

8681be04cff6fc5fc75863742cca0dd056084c89acfb97ea96616d244175de73
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ