18bc7c8a444b9c5f9d9510d0d7109e3615f70f45c707a349d476e67929325c94 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18bc7c8a444b9c5f9d9510d0d7109e3615f70f45c707a349d476e67929325c94
Size

3.8MB
MD5

c6a7ef4a4816c2ca0a3e3e1ca6ac6365
SHA1

0b909f5db5bb2c8d8f2d04ba9e49ad30aa2111e1
SHA256

18bc7c8a444b9c5f9d9510d0d7109e3615f70f45c707a349d476e67929325c94
SHA512

3272bc3c61f649cafde9be46c53d4d9ea8dcd8178d6e229284199087636b7ae7a2a1015f9b9556c4731c1c066ed061c39515dcb17d7e9a937bf3db97cdf41160
SSDEEP

98304:yMqnEKuACrvTR0yCYS0XKywCokrLr656EvZ/XO6M9/NPcTbQ4CVdzCpcjuRfUj:yM6FcbtMyJHnAdxMlUob3QRfUj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
18bc7c8a444b9c5f9d9510d0d7109e3615f70f45c707a349d476e67929325c94
unpack001/out.upx

Files

18bc7c8a444b9c5f9d9510d0d7109e3615f70f45c707a349d476e67929325c94
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1024KB - Virtual size: 1023KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ