9d9a44ad08e8ddb2b0c7b25c734f7cc27d9d55b061310124d70a34e012b2f71e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9d9a44ad08e8ddb2b0c7b25c734f7cc27d9d55b061310124d70a34e012b2f71e
Size

2.6MB
MD5

fe438b332eb6ddf47a2426f575b86143
SHA1

9ab8d39bbbfe5fc5797bd06ec8e2e96c88e3c40e
SHA256

9d9a44ad08e8ddb2b0c7b25c734f7cc27d9d55b061310124d70a34e012b2f71e
SHA512

684645fe58d69fd6559c678b75bc5b1186d9c9cd7b193a8b2227ab409344e9b65c4d9d529a50026ebd26d237f8276f1dcabf38fb07dc7786fa31030c39b44221
SSDEEP

49152:lLfABPN5js0P+FastAQ/7rFYsjsRXxzARGtfEaIsSGmKwPsPtiS2EM:9Y5jt3stx/7r2sQRX9AfaZSb+iSlM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
9d9a44ad08e8ddb2b0c7b25c734f7cc27d9d55b061310124d70a34e012b2f71e
unpack001/out.upx

Files

9d9a44ad08e8ddb2b0c7b25c734f7cc27d9d55b061310124d70a34e012b2f71e
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ