udt[.]exe | Triage

Sharing

General

Target

udt.exe
Size

178KB
MD5

270d502799d2275f699b9fe397ac2557
SHA1

07994f41ff19574f22e94b4a5e385f84f705796d
SHA256

b1bc6360cf43ceda6a059fca4fe120cfa63140417eaa798f6dc53fb03a02c433
SHA512

e99243490e0fb67e4941fe2da1a41eac82e73be2fa25db728635a1a5d082539298a98aeafd49fc4027a2a0c1940a59c80378e9ba1411bdfb54e16d84158c895f
SSDEEP

3072:WeMvGqWVvPVWsi85OtMFMMs3D7sAYvk7FcbrmF83C42HvTtKWzOqz2IMJz5Ax9a:WeEPW7x+MwsAO6GXqSCDHvTtKWqs2I4x

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Device/HarddiskVolume4/Users/PM19/AppData/Local/Temp/UDT-IGBAOGAHFAIGPAGBPHPA4/udt.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Users/PM19/AppData/Local/Temp/UDT-IGBAOGAHFAIGPAGBPHPA4/udt.exe
unpack002/out.upx

Files

udt.exe
.zip

Password: ow&b!54X6x_#4gT@9BT4
Device/HarddiskVolume4/Users/PM19/AppData/Local/Temp/UDT-IGBAOGAHFAIGPAGBPHPA4/udt.exe
.exe windows x86

Password: ow&b!54X6x_#4gT@9BT4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 308KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 177KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json