blackmatter | 51cb81ec805a5fe9f67ab14cee4703ca83840285cc81d50761b18092bed8745f | Triage

Sharing

General

Target

51cb81ec805a5fe9f67ab14cee4703ca83840285cc81d50761b18092bed8745f
Size

34KB
MD5

76c242bdf600d151aceb5c09b81ed447
SHA1

f45d598dc49acc4271d38895363fe3cf1d390a54
SHA256

51cb81ec805a5fe9f67ab14cee4703ca83840285cc81d50761b18092bed8745f
SHA512

35eb33b57f5ef16976b39c6dc5c7868495693f43cd7758cb7070d9dc3fdc9ac65d6fe0d828c6c974f5caf8f908b289e0b1ba8a0f58d176f9ae83356915934183
SSDEEP

768:EegeEbf2rriFVI1kggGVtSMC2F7QGIFFBMterI6ywBuO1NJ:uE+VYVYMC2F7AoterI6yR2r

Score

10^/10

upx blackmatter

Malware Config

Extracted

Family

blackmatter

Version

1.2

Signatures

Blackmatter family
blackmatter
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
upx

Processes:

resource yara_rule

sample upx

Files

51cb81ec805a5fe9f67ab14cee4703ca83840285cc81d50761b18092bed8745f
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.ransom
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ransom
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ransom
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ransom
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ransom
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ