7cb01305a30a19b6a4bf8bab7dd177a8c89c2aba321a402ff6623d6c8e8b3431 | Triage

Sharing

General

Target

7cb01305a30a19b6a4bf8bab7dd177a8c89c2aba321a402ff6623d6c8e8b3431
Size

378KB
MD5

4b524c23e015a5b7c799f894394b2af6
SHA1

208d4e962c77a02b32940c176f3f5c2791664bf7
SHA256

7cb01305a30a19b6a4bf8bab7dd177a8c89c2aba321a402ff6623d6c8e8b3431
SHA512

2a39b06bff59870174ba7b06969e8245b6c187b95e6fb64c19a4aa6d399223e6627f41ed561e98cfa2ae23f4f918a92ce5d3b96bee9605f49263bb39ae7c5241
SSDEEP

6144:KQSoFcaJT/4DO/B52pRr3zmiTVVmVVV8VVNVVVcVVVxVVVPVVlVVVRVVVtVVWV69:KQtnJj4DO/B52nZPg

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
7cb01305a30a19b6a4bf8bab7dd177a8c89c2aba321a402ff6623d6c8e8b3431
unpack001/out.upx

Files

7cb01305a30a19b6a4bf8bab7dd177a8c89c2aba321a402ff6623d6c8e8b3431
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ