5cff9a7bfb1baa8346d2dbae3b4b19c3a022d57e9bfafc98f50dd11ce620174f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5cff9a7bfb1baa8346d2dbae3b4b19c3a022d57e9bfafc98f50dd11ce620174f
Size

525KB
MD5

4afbc2619ae223c2f0b490f85c8e39b9
SHA1

4a73da5fb3d93a2384c74d386853b4002a879333
SHA256

5cff9a7bfb1baa8346d2dbae3b4b19c3a022d57e9bfafc98f50dd11ce620174f
SHA512

e4d557bc3bf6652cfc1ea4157a3faa81e4d7fcd899e3e40714c26c19710a49ab9bd5a93af7c06a7cd53779a3c010386f0fd53d61bb735dabb2389842729786af
SSDEEP

12288:dR0Ut+CABAUt4oZ41TyQgKt4UZYpYHlCggkfETGntb:LdiB4DyrKtDZYSHFfETM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
5cff9a7bfb1baa8346d2dbae3b4b19c3a022d57e9bfafc98f50dd11ce620174f
unpack001/out.upx

Files

5cff9a7bfb1baa8346d2dbae3b4b19c3a022d57e9bfafc98f50dd11ce620174f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 435KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 814KB - Virtual size: 814KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ