c1a306602fd82112baf0ae4118f935fb4b531840fac7509f655d3f14ce8fd077[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c1a306602fd82112baf0ae4118f935fb4b531840fac7509f655d3f14ce8fd077.exe
Size

788KB
MD5

3989d11001ea45e92d152c0f53eeedf4
SHA1

e80d22775d3216677bf6a7dbac323e77f643d9fe
SHA256

c1a306602fd82112baf0ae4118f935fb4b531840fac7509f655d3f14ce8fd077
SHA512

cc232e0dd6ce05b8e7558e34c7ca2fcc7091fc4fb27739948fc8bf6f097f6028e832083760b62def7d464bcca55be826da765d87b05ba7cb9da9f7cc5f8be79a
SSDEEP

12288:Lhwh7NnrlOwHr5lSAWhD0IVH0SS8DCncG0NMhKH7nMvWUExetpVPkmhm7u:l47ZJHbSAjqUSS8DvG0MSbMvWjeZk

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
c1a306602fd82112baf0ae4118f935fb4b531840fac7509f655d3f14ce8fd077.exe
unpack001/out.upx

Files

c1a306602fd82112baf0ae4118f935fb4b531840fac7509f655d3f14ce8fd077.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 984KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 737KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ