2024-06-10_a9533054bcacd748b349bd2f2bad832d_darkbit | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-10_a9533054bcacd748b349bd2f2bad832d_darkbit
Size

18.4MB
MD5

a9533054bcacd748b349bd2f2bad832d
SHA1

1345a0b244a282100ca720a4016206522ad71187
SHA256

604c968fbad9494574ca9815f49864a36e4be338200fac362f0796ddd3bffee2
SHA512

99c6a2fb08f1ed82fd7ce4994b22094778bb698a0597562ec1ca5bd5e8a0e83e5d89d3de9cb962c350db08e2a3ab5c678a8d42cee2adeed21f04414db5302080
SSDEEP

98304:pmkq9qYRzW1ri9Z6ki1STzQA6/bajGnq1HEUMo2HX2N:BqpWALiwTzX6SGNw2

Score

10^/10

upx

Malware Config

Signatures

Detects executables containing bas64 encoded gzip files 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-10_a9533054bcacd748b349bd2f2bad832d_darkbit

Files

2024-06-10_a9533054bcacd748b349bd2f2bad832d_darkbit
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_cgo_dummy_export
authorizerTrampoline
callbackTrampoline
commitHookTrampoline
compareTrampoline
doneTrampoline
preUpdateHookTrampoline
rollbackHookTrampoline
stepTrampoline
updateHookTrampoline

Sections

UPX0
Size: 12.1MB - Virtual size: 12.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE