1dffd2a06985bf693b30316b8a1b5b46c910b17e345d8a26f0a4d68cfbb77f27 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1dffd2a06985bf693b30316b8a1b5b46c910b17e345d8a26f0a4d68cfbb77f27
Size

74KB
MD5

e9489793b4f1a85acf1dcb025a580d9a
SHA1

c0db889e437b85d964555ebbd58b67316e508497
SHA256

1dffd2a06985bf693b30316b8a1b5b46c910b17e345d8a26f0a4d68cfbb77f27
SHA512

a3845833c1dcdc7507614d3ebfcd1ab117103303f85fc12f8e0cb4d8ab843d9816b643ecb659ce9738914e3f775fb4931d802c0e28c77744961672a05ab12b0b
SSDEEP

1536:0MzREQWB2kcC1U/UUpUWbh8UH9SZ47Qn/gQo9dZ1LzExOh:ttEpBn2/H9SZ4ugiG

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
1dffd2a06985bf693b30316b8a1b5b46c910b17e345d8a26f0a4d68cfbb77f27
unpack001/out.upx

Files

1dffd2a06985bf693b30316b8a1b5b46c910b17e345d8a26f0a4d68cfbb77f27
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

petite
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE