51275214e124c964293e4bebeb2468e6[.]bin | Triage

Sharing

General

Target

51275214e124c964293e4bebeb2468e6.bin
Size

5.4MB
MD5

6465edb09d8a9024df927a52350ee9c3
SHA1

3d17a27dd0c82b878a917208e7d7edd3d397dc7b
SHA256

5872191f73de10bf24cff1f85ef10cad6905e9c6343842065a093da70c4dc403
SHA512

1dcbed8e914ad3a8aef74f49a105d73dbe3de1186913a2abbdaeb1f62ee3a89b1fb9777c4134832b63348790ea70de10269c67b3da54263d5837c857507c9430
SSDEEP

98304:iOSOM7Mk/LGLyktfu7fMDYfzyN3R9ONrS/oZTvBtr/KHiXJOZQ+3ozunyRVmkGLo:iOS7Mk/LRk5uQQzyr9Suo1vBpyHuJOZi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/5974381c7166bcf9ba9d9a9f01203c32a33bcbab99a221b15adbbd2f30e1921d.bin	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5974381c7166bcf9ba9d9a9f01203c32a33bcbab99a221b15adbbd2f30e1921d.bin
unpack002/out.upx

Files

51275214e124c964293e4bebeb2468e6.bin
.zip

Password: infected
5974381c7166bcf9ba9d9a9f01203c32a33bcbab99a221b15adbbd2f30e1921d.bin
.exe windows:4 windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 934KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ