9a0061531cd76bc700aa19b995a2ef2b[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9a0061531cd76bc700aa19b995a2ef2b.bin
Size

4.9MB
MD5

0a102c06591c290f74498b40a1ce8e8e
SHA1

f7618e4628a81a0dc2a734b6accabc198eac6126
SHA256

22408c7601f1decd47b47b758f17c0a5e8642e9e9b49c41352026ab09b9ee5d8
SHA512

977d80f73ddb7bf3b0ca86ffc5c28c6f4d1ba83f7c0b4cf63fcdcf0f6d2d927c2da90651037e1e5ceeb455285da241cf6d03e70c72d4d99723f30857a8606d9c
SSDEEP

98304:qebZCa7ya9Yvv8nxdFd3OveVL/gnAkKHKL6RV7fvTgLQC/P9VOhIxxM:7bGxH8nNB7VL/tOuV7cLxH9Dxq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/0f10d9369da48622c47b87f91190889d0188449c43e39bd5bfcd24f73e7b6e70.bin	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0f10d9369da48622c47b87f91190889d0188449c43e39bd5bfcd24f73e7b6e70.bin
unpack002/out.upx

Files

9a0061531cd76bc700aa19b995a2ef2b.bin
.zip

Password: infected
0f10d9369da48622c47b87f91190889d0188449c43e39bd5bfcd24f73e7b6e70.bin
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ