e840b65766bc34dc48a020b7d8b108e1367491348c8ad64177b9bcf90824167dN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e840b65766bc34dc48a020b7d8b108e1367491348c8ad64177b9bcf90824167dN
Size

42KB
MD5

26df75f419659e338bae29972ac19b80
SHA1

091cec33f0f9b04d9c77129b66cf51b1000b733e
SHA256

e840b65766bc34dc48a020b7d8b108e1367491348c8ad64177b9bcf90824167d
SHA512

5daa5b0d661d2b9bfa6dc75ce3bc4471d8b3bbea0226bbf3c0250b4267b882ee40790dbddbe75ee936e56c18ec602fc50525d714314cf7235cf9a7dd20d00892
SSDEEP

384:QOlIBXDaU7CPKK0TIhfJJPbUEobUE51lRtJicszsOVCGyIr0yIO:kBT37CPKKdJJTU3U2lRtJfOv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
e840b65766bc34dc48a020b7d8b108e1367491348c8ad64177b9bcf90824167dN
unpack001/out.upx

Files

e840b65766bc34dc48a020b7d8b108e1367491348c8ad64177b9bcf90824167dN
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ