3c0cstrapperv2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c0cstrapperv2.exe
Size

1.9MB
MD5

34aed9c6caf5da4e307f9072883761c5
SHA1

99d09fe2058955e0b7342a74bf71e707993696b0
SHA256

2f21ce6b0bbc8a2fe6b3d05ac4bb4a9a12f370b5b5884d8b10182a316b2ed9a4
SHA512

5ee5c842ef58dd7667389cddd2adfd272e0b6f089fff9f48ae7dc5486a96ec2b2dd21befc7e07548915dedbc91262bb108a64f6de69d93acbf0d6fb23b78ae25
SSDEEP

49152:M4rsNPE/ytfPEs1Sw0wIuzmly2Dgv+FGPBaNs:wE/SHb1STDBk

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c0cstrapperv2.exe

Files

3c0cstrapperv2.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ