6bf8b1d538486036fbf246aa467667a73e1c15e5a162b48191045a4272c6bc56N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6bf8b1d538486036fbf246aa467667a73e1c15e5a162b48191045a4272c6bc56N
Size

77KB
MD5

53ad0f716a0e489d32b40e83b2e63870
SHA1

b2f449f8dc2abc0ec7063de5225b6ec4247181e2
SHA256

6bf8b1d538486036fbf246aa467667a73e1c15e5a162b48191045a4272c6bc56
SHA512

98b4d79f8a854dec211e980c0dd15e1275b775f730a6e141d5e5904acc8b017cd378fe5b737e6052a9413f772d53259eb501871dadb5cf4636e4af3bd9f0e0f0
SSDEEP

1536:CTW7JJZENTBHfiPR7C5C7C53TW7JJZENTBHfiPR7C5C7C5e:htE0tEK

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
6bf8b1d538486036fbf246aa467667a73e1c15e5a162b48191045a4272c6bc56N
unpack001/out.upx

Files

6bf8b1d538486036fbf246aa467667a73e1c15e5a162b48191045a4272c6bc56N
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ