bc02e63b1a5079aea970f7583860e978eefff0241f0b08ee212b9ebb3dc9e5fbN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc02e63b1a5079aea970f7583860e978eefff0241f0b08ee212b9ebb3dc9e5fbN
Size

21KB
MD5

1a2be3ee3d6ed5ec67a04280e9506d00
SHA1

f34cc632df2c2233b8989273d018aaea8e159c5c
SHA256

bc02e63b1a5079aea970f7583860e978eefff0241f0b08ee212b9ebb3dc9e5fb
SHA512

aaa29020b6b0c2c8dcc2d608479cbc3bf1349c1794f96608a8391c92d8481dea4217d5ccf43bf6aaeb96a92e8e1d2731c99658a9a7d11c88e9cf7f42f7bec603
SSDEEP

384:ToD7A9QAAVk00LhMkiHSdCkgKPhY4lMm1bHo0CWG2ELmB2s:ToD7A4Vk00l/rdxY4HcMGZLY2

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bc02e63b1a5079aea970f7583860e978eefff0241f0b08ee212b9ebb3dc9e5fbN
unpack001/out.upx

Files

bc02e63b1a5079aea970f7583860e978eefff0241f0b08ee212b9ebb3dc9e5fbN
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ