IPGN1OI1GZ | Triage

Sharing

General

Target

IPGN1OI1GZ
Size

859KB
MD5

2c5fbaa8e46bd733a271b2fd42fdedae
SHA1

4045f60a8440fb99913289781245c1ed1b7f7f2a
SHA256

a3172309e7b6b4ceae4e232a0a399b7cb2c28c4e6a671fe28e9a590ac8b1b972
SHA512

a87213f2c47a92aaf5a0026028042a408e2c8eeed5cfcdff4e6c67820f18720bde4ab94165dc31ade2ca1400a5abea315b7a74bfa3b6f23d410d0c3822397664
SSDEEP

24576:cUwL2BS6ledT9fdfG2JYDrGW00VZL/hZZxJJ3Qa:mhRUcW00VhhZzD

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
static1/unpack001/KkKL23yz.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/KkKL23yz.exe
unpack003/out.upx

Files

IPGN1OI1GZ
.zip
KkKL23yz.dat
.zip
KkKL23yz.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 800KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 436KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 916KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KkKL23yz.png
.png