805b2426b824d9e3eae0c8e6f34d2fe5faebddd0e9c235ab40a5f8ad9ef1edc8N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

805b2426b824d9e3eae0c8e6f34d2fe5faebddd0e9c235ab40a5f8ad9ef1edc8N
Size

39KB
MD5

4d5e9d6518595621526fb1bce2b0b860
SHA1

48e9c5059965bb94b8e8a41c96ec60c3c65a66aa
SHA256

805b2426b824d9e3eae0c8e6f34d2fe5faebddd0e9c235ab40a5f8ad9ef1edc8
SHA512

4115ae85110dcd151b0dff60b492b71d6be6acb532074bc5128d272e2a5c5ff225d472bdbd80db81116afb22982fc03ad9911f4d7b823e49b4efe17e5cf7f8c2
SSDEEP

768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBApwp133EskmKsN33EskmKs0Fln:CTW7JJZENTBAOIfmKJfmKjT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
805b2426b824d9e3eae0c8e6f34d2fe5faebddd0e9c235ab40a5f8ad9ef1edc8N
unpack001/out.upx

Files

805b2426b824d9e3eae0c8e6f34d2fe5faebddd0e9c235ab40a5f8ad9ef1edc8N
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ