bilkad[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bilkad.exe
Size

4.3MB
MD5

c4fe973e479a2af02dce5b9888e97917
SHA1

4b83acbe8f078f08a2ff190ef5391d50484fa7e7
SHA256

5c6e675359884a3f82edd6c3085ecc8a28b465b88e313e05915cb194aa17a0b1
SHA512

b7167c54a1f186c1ea60e46035b1609c3f91dccf64c59ec8bc1a6d234ac9e10812f57b15bab99abb01a63954838797cf0a19e7f13936b6bd97b73ea793b3beee
SSDEEP

98304:4ICeQ7CGJQrDBC+00+IcXd4ZwynoDQkLoCR453:s37CTrV50NIS4Zj+Qkx4l

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bilkad.exe

Files

bilkad.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 10.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE