2444a1764a22fe26a6a7597c566e1f99bbb1cd7d636697a352c7422bf2a6f887 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2444a1764a22fe26a6a7597c566e1f99bbb1cd7d636697a352c7422bf2a6f887
Size

111KB
MD5

aecc7f848834a592be5cb49ad5c4315f
SHA1

4e09b094202714fde48d9b19bb70235f4cbf7160
SHA256

2444a1764a22fe26a6a7597c566e1f99bbb1cd7d636697a352c7422bf2a6f887
SHA512

d7c2a623f4c4a76427eeee9fc1871b93698422b53f3e55835fd37ee72cd089a09829b59719defcb918b237cc161f826df414c24b8332bd7d594ab17c20424f48
SSDEEP

1536:CTW7JJZENTBHfiPQlPdA3NyaM62ot2oxQWG:htElPdA9yaMDT2G

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
2444a1764a22fe26a6a7597c566e1f99bbb1cd7d636697a352c7422bf2a6f887
unpack001/out.upx

Files

2444a1764a22fe26a6a7597c566e1f99bbb1cd7d636697a352c7422bf2a6f887
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ