358efab7d5e2ab8d36ab3e1ceba9462bc0831ca9ec9ee453e6c363865c9ce2f8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

358efab7d5e2ab8d36ab3e1ceba9462bc0831ca9ec9ee453e6c363865c9ce2f8
Size

38KB
MD5

b28f458a9123ac5583e9811735e59889
SHA1

86fd4f9de6cb62aba44d150240ca392d68c74970
SHA256

358efab7d5e2ab8d36ab3e1ceba9462bc0831ca9ec9ee453e6c363865c9ce2f8
SHA512

6752ba18b63c442644520f2c621a365d0cb8522e8922f7c247d9e93814758ece576ac333e3e376228045dc25eecf16887c50cde917dec32a6f1c292fbf7b202d
SSDEEP

768:kBT37CPKKdJJTU3U2lRtJfOLP7PCzATJ+zATJI:CTW7JJTU3UytJfOL7Y

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
358efab7d5e2ab8d36ab3e1ceba9462bc0831ca9ec9ee453e6c363865c9ce2f8
unpack001/out.upx

Files

358efab7d5e2ab8d36ab3e1ceba9462bc0831ca9ec9ee453e6c363865c9ce2f8
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ