challange_Benign_f8029798409dd13c3d33c72bcc78ef8af43b8400de8b5137b0991dd2c7ad3bc4[.]exe

General

Target

challange_Benign_f8029798409dd13c3d33c72bcc78ef8af43b8400de8b5137b0991dd2c7ad3bc4.exe
Size

9KB
MD5

64f4c5b6801e9100bd37d7c6935233de
SHA1

dc99e40b5431f1f8b4c7be2414309bc4ea11bf75
SHA256

f8029798409dd13c3d33c72bcc78ef8af43b8400de8b5137b0991dd2c7ad3bc4
SHA512

7a345d115c5cb3e86c0fd670d160f35be83af0c5749ce7b8212d6c64f79be00ee549981d47e2d3c74da3ca7d227d50f4939bfc090712a75b37ebeece127eec28
SSDEEP

192:f61kMTBCVWJ/UiLJoSekZPgx0X+4K5kJ9W28xuW/6KL:fgkMNCVWJ/UiLJoSdZPgmvK5k7W28xuK

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
challange_Benign_f8029798409dd13c3d33c72bcc78ef8af43b8400de8b5137b0991dd2c7ad3bc4.exe
unpack001/out.upx

Files

challange_Benign_f8029798409dd13c3d33c72bcc78ef8af43b8400de8b5137b0991dd2c7ad3bc4.exe
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

FilterAttach
FilterAttachAtAltitude
FilterClose
FilterConnectCommunicationPort
FilterCreate
FilterDetach
FilterFindClose
FilterFindFirst
FilterFindNext
FilterGetDosName
FilterGetInformation
FilterGetMessage
FilterInstanceClose
FilterInstanceCreate
FilterInstanceFindClose
FilterInstanceFindFirst
FilterInstanceFindNext
FilterInstanceGetInformation
FilterLoad
FilterReplyMessage
FilterSendMessage
FilterUnload
FilterVolumeClose
FilterVolumeFindClose
FilterVolumeFindFirst
FilterVolumeFindNext
FilterVolumeInstanceFindClose
FilterVolumeInstanceFindFirst
FilterVolumeInstanceFindNext

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 28KB

UPX1 Size: 5KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 84B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 472B

UPX0
Size: - Virtual size: 28KB

UPX1
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 84B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 472B