657e0e0e682c2029b334a7fd1b1ba2e84587e9a9bd68324df914e1f050c532e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

657e0e0e682c2029b334a7fd1b1ba2e84587e9a9bd68324df914e1f050c532e6
Size

2.7MB
MD5

79f5f25abd98b30eb022288118d6aced
SHA1

d3a76e5b61aea110a8b74fd79ce395aef98e5caf
SHA256

657e0e0e682c2029b334a7fd1b1ba2e84587e9a9bd68324df914e1f050c532e6
SHA512

59b6b48b7b37d96ae45037d506acb16356163eae6dac9165a4e6206373f6cd5ddb8c9c31ae79957af8d645635edc6a57b7cf61741b287c4c49c41b43f7175163
SSDEEP

49152:SCAsY7MFyeuDrRtuKC/0994TWNwTEKQR06qQqZ8g4Tb0K72Cj9iH2dOLu2IdNMHT:AsYgyFHRtuR/09GTWNa9dBZortj9iW8k

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
657e0e0e682c2029b334a7fd1b1ba2e84587e9a9bd68324df914e1f050c532e6
unpack001/out.upx

Files

657e0e0e682c2029b334a7fd1b1ba2e84587e9a9bd68324df914e1f050c532e6
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ