f7cabe1b7b87f56f1f70fb840a3d79471a7cb2ae469ff18ac26358d3eaa512c1N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f7cabe1b7b87f56f1f70fb840a3d79471a7cb2ae469ff18ac26358d3eaa512c1N
Size

70KB
MD5

1edf0fb30128e89faf18828dd9aa44c0
SHA1

71df8dfdcb245fc918bb684aaa28fc6807679c39
SHA256

f7cabe1b7b87f56f1f70fb840a3d79471a7cb2ae469ff18ac26358d3eaa512c1
SHA512

73ac529f67c919abc3bf0539a4e7e086026755bf17a4f158be2e33f7915b8b530e9079d798714c11e229bdde0d9f7d02051c087258a6cff135afaec44e91d63b
SSDEEP

1536:CTW7JJZENTBAOIfmKJfmK8TW7JJZENTBAOIfmKJfmKx:htEStEY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
f7cabe1b7b87f56f1f70fb840a3d79471a7cb2ae469ff18ac26358d3eaa512c1N
unpack001/out.upx

Files

f7cabe1b7b87f56f1f70fb840a3d79471a7cb2ae469ff18ac26358d3eaa512c1N
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ