85215c82405b536a3b55105bb3fe361a[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85215c82405b536a3b55105bb3fe361a.bin
Size

358KB
MD5

1b82f0f16c75b4d9b4284e8a3e85c711
SHA1

3c2607d8f377a90c6e2ecac4f7833e7e354a4c3e
SHA256

5a4c060d0312cc5f910ebcef254207ab80e892506d1d04c46f9753f778a66d22
SHA512

ad9d32c0aacc70ec1a2312034cc6aa3fc8f770a97f45f6ca0a830abbda447b36adcd22c599fdb109ba339d42f2b627e6bc5501698f0513c917214ff1700be281
SSDEEP

6144:kCQz82ml65larVmZCir6NeYveBwXnYcr+59M8jGT+50TjeFvkl6pGiLsrGjHYK2E:boo67arErAeYXjrc9MkGSQQvkTAcbKBp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/141262cbd24e43f4c8911c32896fe6c1f0f5e171e8e6e6bd26a24a7bfde0dcd0.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/141262cbd24e43f4c8911c32896fe6c1f0f5e171e8e6e6bd26a24a7bfde0dcd0.exe
unpack002/out.upx

Files

85215c82405b536a3b55105bb3fe361a.bin
.zip

Password: infected
141262cbd24e43f4c8911c32896fe6c1f0f5e171e8e6e6bd26a24a7bfde0dcd0.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 768KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 302KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 290KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 524KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ