3529f0a6498e695d5278b41628b320e82b46b6d5f74fc7105b8a9d4a73152539 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3529f0a6498e695d5278b41628b320e82b46b6d5f74fc7105b8a9d4a73152539
Size

1.1MB
MD5

33761a634752c9043d6251a002f50a58
SHA1

7c3b881a7384a61b7222ef44585460d869ab9685
SHA256

3529f0a6498e695d5278b41628b320e82b46b6d5f74fc7105b8a9d4a73152539
SHA512

e4816e1fe40d7ed5df04e4f31ca3f4a63c1d63a686b814f0ed3f36fe2fb974729954645946ca14fef90424353428d16eb223267a7cb7f88f39ad490c1db30035
SSDEEP

24576:Duld2ESoHu0zG4yb5wk6XSgNf8PTSyD0r4jaot73S:DufMn4Ryb5lsk7Sy+4jtt7

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
3529f0a6498e695d5278b41628b320e82b46b6d5f74fc7105b8a9d4a73152539
unpack001/out.upx

Files

3529f0a6498e695d5278b41628b320e82b46b6d5f74fc7105b8a9d4a73152539
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 956KB - Virtual size: 955KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ