2a9a30a7bc98f084129d2d25f9625091aaa6eef4f7b150fca7cb8a9ec497da28N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a9a30a7bc98f084129d2d25f9625091aaa6eef4f7b150fca7cb8a9ec497da28N.exe
Size

141KB
MD5

2893ab6765ee85394500bdd0f74df0f0
SHA1

0d7513fd9199db9b919b25ce4129f97391be5a50
SHA256

2a9a30a7bc98f084129d2d25f9625091aaa6eef4f7b150fca7cb8a9ec497da28
SHA512

1a92da89efc036da27308a51e4736b244f3b1ed5144a7368516903f45d3a2a03577eaddddf7675e4bfdf53cdd27e8fe4e923d786434afc3f21d6b98e4d9a8fcb
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZTrQFljFEwOxW3o/v7V+T:KQSo7Z4ljKwOgobE

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2a9a30a7bc98f084129d2d25f9625091aaa6eef4f7b150fca7cb8a9ec497da28N.exe
unpack001/out.upx

Files

2a9a30a7bc98f084129d2d25f9625091aaa6eef4f7b150fca7cb8a9ec497da28N.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ