506fb309221a51d81b7244cf8b64aa6abe1c53a599b4963be94448253a42e339 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

506fb309221a51d81b7244cf8b64aa6abe1c53a599b4963be94448253a42e339
Size

1.9MB
MD5

0ce31cdcc48893641afcd471b6f48b16
SHA1

4cdf4b2374c0539ce2893966c9eb8264d52e6c64
SHA256

506fb309221a51d81b7244cf8b64aa6abe1c53a599b4963be94448253a42e339
SHA512

34271492a2f4ab4c8e522f427458c1a5f20dff5c89c0e0abe8b3e9b72e754e1b46a2c8f93608da11c5b88137db053e24545e727d7b90c1901666d782597edade
SSDEEP

49152:lUqB4PJRBcghp89snZC0N2OrJV8PW1d4LL87kod+2dBoJkW:lUqurBcQBJV8PCd4s7/d+2dBKn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
506fb309221a51d81b7244cf8b64aa6abe1c53a599b4963be94448253a42e339
unpack001/out.upx

Files

506fb309221a51d81b7244cf8b64aa6abe1c53a599b4963be94448253a42e339
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ