snoop_has_4[.]5_braincell[.]exe

General

Target

snoop_has_4.5_braincell.exe
Size

420KB
MD5

454521d27c30db6782c18818a628de0c
SHA1

ed5d6ae400783097ea8ba2c959bb8265769d4163
SHA256

a97b5486827a741a683c2b26bf758963446a12caf527660d9040ae1710513ec4
SHA512

4ac25a89aa02b1693cf4cac1b8278c01697cffc574ed87a845d70e5d705a7cb9360707a1d860258a69b6ab46c461bd5cd4f795ad6cbeff41bd5d8eb6c67ffea0
SSDEEP

12288:Or4UWBCWRJO17WD/XjkQYcjYkXjxNhoSJRI:Or4UuPRJOWD/TNdYkXJoSU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
snoop_has_4.5_braincell.exe
unpack001/out.upx

Files

snoop_has_4.5_braincell.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 418KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

__bt_init
tcc_backtrace

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.stab
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.stabstr
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 418KB - Virtual size: 420KB

UPX2 Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 36KB - Virtual size: 227KB

.pdata Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 7KB

.stab Size: 434KB - Virtual size: 433KB

.stabstr Size: 255KB - Virtual size: 254KB

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 418KB - Virtual size: 420KB

UPX2
Size: 1024B - Virtual size: 4KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 36KB - Virtual size: 227KB

.pdata
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 7KB

.stab
Size: 434KB - Virtual size: 433KB

.stabstr
Size: 255KB - Virtual size: 254KB