BibleLightning[.]exe_11633120705[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BibleLightning.exe_11633120705.zip
Size

1.8MB
MD5

1ed66c1295e05352fea72cdcb1994fd4
SHA1

913eff31647e61ebb222f0d2e3fe6c48967918c2
SHA256

1512989b6b8b00c269e9140630bef0cc0d4b3c107a3c7e290e620116189ab77d
SHA512

b936efab07e6e9eb7eadba28a57e65d0765b87f14e7361a33cdbbfc331f7049fbecc2e4c189839631ef25e270469fe07d812d01ff7cd67b207ab3119617eeb8c
SSDEEP

49152:MsCELO1XllQH6SRq3koZyw9MdRFXE/JOi8pB:pJaXllOV0ywe5oNSB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/24e7ecdcaa6f0400aad5ca51e6ac5cc667ec1b23c0b172d8ac080c89a13cad7c	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/24e7ecdcaa6f0400aad5ca51e6ac5cc667ec1b23c0b172d8ac080c89a13cad7c

Files

BibleLightning.exe_11633120705.zip
.zip

Password: infected
24e7ecdcaa6f0400aad5ca51e6ac5cc667ec1b23c0b172d8ac080c89a13cad7c
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 7.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE