bnkextr[.]exe | Triage

General

Target

bnkextr.exe
Size

188KB
MD5

ae1367ff2e2139e139c902e8afc0698f
SHA1

143bc2b959d78ef22b3cdcfd185ac2d0476c8121
SHA256

1a08fea2233047efed9f5f96ec3032ceb5bbe36484c368b2e7d633f84dc65f75
SHA512

52346650159ab4828a87803de56889f1fb570a5f9fd5d89e1067efbc0fb95bc120d92cbd97c32b15bd8d5004ec21391473b80e08e4aea4cfa9dea4ba58a50cfc
SSDEEP

3072:x/+swAvmmWSQcy4W+DlsWjmZJo3zlsw9/wtqClXVESwBfnYLghJ6EEXLNsZjO9b:FOhSQDsNj53zC5blKnlnUy65Lu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
bnkextr.exe
unpack001/out.upx

Files

bnkextr.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 504KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 504KB

UPX1 Size: 187KB - Virtual size: 188KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 449KB - Virtual size: 448KB

.data Size: 25KB - Virtual size: 25KB

.rdata Size: 40KB - Virtual size: 39KB

.eh_fram Size: 146KB - Virtual size: 145KB

.bss Size: - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

UPX0
Size: - Virtual size: 504KB

UPX1
Size: 187KB - Virtual size: 188KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 449KB - Virtual size: 448KB

.data
Size: 25KB - Virtual size: 25KB

.rdata
Size: 40KB - Virtual size: 39KB

.eh_fram
Size: 146KB - Virtual size: 145KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B