ae8db847b2d81587fb2f5f6d6bf6ee7d98b3f9639c08949d694d8add6c8d239a | Triage

Sharing

General

Target

ae8db847b2d81587fb2f5f6d6bf6ee7d98b3f9639c08949d694d8add6c8d239a
Size

90KB
MD5

cd39794a59066a3983bc2ddb167bb8a1
SHA1

fc533e432e4feb04c8fcd5daff7e6d75e8984493
SHA256

ae8db847b2d81587fb2f5f6d6bf6ee7d98b3f9639c08949d694d8add6c8d239a
SHA512

ff9a0550f4ea7db6c4999be06468303c651b3413fcbad47642235b8e3b5a84f1e41c175d856122d1fd73ddfec69962fa6f31313250a908bf2da2d4e04036cdec
SSDEEP

1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDc:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3+

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
ae8db847b2d81587fb2f5f6d6bf6ee7d98b3f9639c08949d694d8add6c8d239a
unpack001/out.upx

Files

ae8db847b2d81587fb2f5f6d6bf6ee7d98b3f9639c08949d694d8add6c8d239a
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ