6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN | Triage

Sharing

General

Target

6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN
Size

25KB
MD5

b046c2b0869b17d855062e0a6f0392a0
SHA1

bef96b677c2dc0a25099e074a9af7a3a44c336fc
SHA256

6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2b
SHA512

df819ccf578f77eba244c11dfc2c924915f8564bfccc4918ac172902cbd04de9fbd42ef3cfe38c5edcc21856bc0b032372d81333be291551d584e3d827668cd6
SSDEEP

384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9T6u77:kBT37CPKKdJJ1EXBwzEXBwdcMcI9p77

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN
unpack001/out.upx

Files

6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ