f83ab6fbe155b2b31625bef2525082d4[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f83ab6fbe155b2b31625bef2525082d4.bin
Size

80KB
MD5

ad3e6bd8f3cd0a5bdc7622e9fe3a730f
SHA1

08d42434a2bbf1a4cfcc07b643bfa9a1e3e8de14
SHA256

580a1fde11711a5cb4c401989b5c2b204270e104db285c1ec4169b3b71f3ed7f
SHA512

7be8b2d150a58747b68f81621caed427877f97d6583dc62b4bc4c3918d63bb69190d00f8c92b3730fc924287a6cabfd4db97a60c9876c1506a251accdb9b434e
SSDEEP

1536:hQee0fHBqc1ZmjdqmjaMZ2UxE2xl4+uPLbrbd1e:hQeeYqcKd57xoL/bd1e

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/6653c1153516376512ba2f346f54248d509867daa8e6c2427fb10a7a4c78721b.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6653c1153516376512ba2f346f54248d509867daa8e6c2427fb10a7a4c78721b.exe
unpack002/out.upx

Files

f83ab6fbe155b2b31625bef2525082d4.bin
.zip

Password: infected
6653c1153516376512ba2f346f54248d509867daa8e6c2427fb10a7a4c78721b.exe
.exe windows:4 windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ