6a211a31ce9804c438538a7520fd5e67ff45a84b6e79480524af33d6e54a7ba8[.]exe | Triage

Sharing

General

Target

6a211a31ce9804c438538a7520fd5e67ff45a84b6e79480524af33d6e54a7ba8.exe
Size

90KB
MD5

ffe8f0acb0b98d841c79ae1896e7c529
SHA1

29ab45898bf9dbae712d904a70cca44105feb078
SHA256

6a211a31ce9804c438538a7520fd5e67ff45a84b6e79480524af33d6e54a7ba8
SHA512

3d20856c25507cdc92d4da1c295df9add7ab2b7c8caba4480cb40cadda30f1cbd5d23b130e048d4da7c5bfb45772eb50f4154d6b1b81fb64ead67c5a99e9425b
SSDEEP

1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDA:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE36

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
6a211a31ce9804c438538a7520fd5e67ff45a84b6e79480524af33d6e54a7ba8.exe
unpack001/out.upx

Files

6a211a31ce9804c438538a7520fd5e67ff45a84b6e79480524af33d6e54a7ba8.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ