bandook | 13140000[.]iexplore[.]exe | Triage

Sharing

General

Target

13140000.iexplore.exe
Size

10.3MB
MD5

28fde7ef1382e75ffcb993694bef64ff
SHA1

e8fb141652c6612b859148800852879e2a388363
SHA256

2cf295f36e354089a07421db74c74e7d7b73b278c987abad2162349c28b614ad
SHA512

9c1b5190210198fdde0c0f66751bc507a91529eff0c0c174d5108725a7fb925c5580bebfbf6cc39cc5cd555ade2bb204a88364d0708fc31fe647058a6a8e504f
SSDEEP

3072:9p05ARM4WXkydwweoMcijdclaTqgY1slOyro6Iy:9Ov4Wow0KQo

Score

10^/10

upx bandook

Malware Config

Signatures

Bandook Payload 1 IoCs

Processes:

resource yara_rule

sample family_bandook
Bandook family
bandook
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Files

13140000.iexplore.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 10.3MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE