21914d2110cd54bc54203677f16ae70d | Triage

Sharing

General

Target

21914d2110cd54bc54203677f16ae70d
Size

1.3MB
MD5

21914d2110cd54bc54203677f16ae70d
SHA1

939d4698cd3614e97fb949098f231ef1e453cf6e
SHA256

b387ae291e2cbc7e81270b87bf6de0a4083359baebe96143437ac46ac6468004
SHA512

539c151d7ce9aefe9b77308daaecf9c6a3d2070b5b92cae5f9c706b3341a2db296f5a7072f85ce0e597cc87445f1af1139c28d58c56311d4c1bc1f96adae5e48
SSDEEP

24576:qZF6CbFx1xkzsjXbNszAd/UOHNwTs1tDRHTmCLYOQyOGSWe7:NgSzsv6zo/UOHNwTaXHTmCEmLSx

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/bugoodomainV1.3.1/BugooDomainCore.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/bugoodomainV1.3.1/BugooDomainCore.dll	upx
static1/unpack001/bugoodomainV1.3.1/bugoodomain.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bugoodomainV1.3.1/BugooDomainCore.dll
unpack001/bugoodomainV1.3.1/bugoodomain.exe

Files

21914d2110cd54bc54203677f16ae70d
.rar
bugoodomainV1.3.1/BugooDomainCore.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetRandom

Sections

UPX0
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 717KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bugoodomainV1.3.1/bugoodomain.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 554KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE