6becc187eab189c3fa9432f9e89014f85779b9b8117937d6b483d89a625044a6 | Triage

Sharing

General

Target

6becc187eab189c3fa9432f9e89014f85779b9b8117937d6b483d89a625044a6
Size

3.6MB
MD5

6648117c32eb206edf7db8cbd00c02f0
SHA1

913422c276778bbe5394dbbc48fea57181ff7038
SHA256

6becc187eab189c3fa9432f9e89014f85779b9b8117937d6b483d89a625044a6
SHA512

65b8cf5735a0d7983f2f0d39ab5844ab74f158aad8bf14afa9846115ee79632015fb92e0dee584539309fb0ca1fea0a5b7ba618cddff3556b2b8a17ffe451fdd
SSDEEP

24576:xsSj+tScZdWS3sVGVyWj4XAB1gGxLKbSe5H27gUX9byX5v1xyZUJyWqsmsWSgfbM:GS6shQ19y3C+oW+RljsRl

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
6becc187eab189c3fa9432f9e89014f85779b9b8117937d6b483d89a625044a6
unpack001/out.upx

Files

6becc187eab189c3fa9432f9e89014f85779b9b8117937d6b483d89a625044a6
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ