b5be6a7235ad9e00d8bfabf5cd292db9[.]bin | Triage

Sharing

General

Target

b5be6a7235ad9e00d8bfabf5cd292db9.bin
Size

14KB
MD5

c3b7721ddaf0bb35840feb3647706953
SHA1

489cf34d041a0fb6b4736c19246ebe4687f61632
SHA256

0e9537d7f05f53c4e0d252b5aca5b836a9293575b1ca6ec16bf1172ae5c2b4dc
SHA512

7595dee2c9063376937f12be17e1bdd2ee9e61a362c672b44fc626e6e714b80724b782a8a6603266808bb2ed2f7c1c23f8508a77112da896befcb8f30e2a5ca4
SSDEEP

384:diScp822RH0gvl1ecbvVN5l99l8m4LGuMhdBgvwrpU3:d36xsUmlRzV19tLD94qi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/85beb406845c744f7105ab65add81da74a26c72d9ab094b09b67c67e7e38edfe.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/85beb406845c744f7105ab65add81da74a26c72d9ab094b09b67c67e7e38edfe.exe

Files

b5be6a7235ad9e00d8bfabf5cd292db9.bin
.zip

Password: infected
85beb406845c744f7105ab65add81da74a26c72d9ab094b09b67c67e7e38edfe.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX3
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ