1ffe5563c58dd0e8ce1c628d3e4c2a069cfb202def7aa64331ad7dfcd3ba4f03 | Triage

Sharing

General

Target

1ffe5563c58dd0e8ce1c628d3e4c2a069cfb202def7aa64331ad7dfcd3ba4f03
Size

739KB
MD5

8fc37190cc209d82cc01dc571c3dafd6
SHA1

a0903c827dd10d49d0f9decb4b335b7ddf5a21b8
SHA256

1ffe5563c58dd0e8ce1c628d3e4c2a069cfb202def7aa64331ad7dfcd3ba4f03
SHA512

d92d1e26597165d9ad8d731415fbef3ec3315bd5cc30b7e2ac5a07208a1b9d4c28ea7cb8a04173cea698e2b887b918f71b37c6adbc2aafbff12024d41b2126fd
SSDEEP

12288:F8vSZGaEdFgPDodfkdfJklofnwc+6LUyqvc1IvyXWUZl/ylmD1Am0Qsei9cOh6EO:aqZGaEdFgPEdqa6YcNIDvc1I25ZBDotS

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
1ffe5563c58dd0e8ce1c628d3e4c2a069cfb202def7aa64331ad7dfcd3ba4f03
unpack001/out.upx

Files

1ffe5563c58dd0e8ce1c628d3e4c2a069cfb202def7aa64331ad7dfcd3ba4f03
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 723KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ