acd123090b9da814081c84b6dd84dfa6c479b71c[.]rl[.]zip | Triage

Sharing

General

Target

acd123090b9da814081c84b6dd84dfa6c479b71c.rl.zip
Size

423KB
MD5

2350ee6028368620e61dba938ab3c1fa
SHA1

a9c3853232be11c34353257a066772e53d99db8d
SHA256

60cf7367fcf9e2552194bf649bef358ae65a3576df581f49775438b9c8ebe7e2
SHA512

1d9a6f0590c4da435018bc2dbcf9aca0dda58f084789bc8ed5e5aa590b8d615b121981d0d14570f26c903cede770d77f2f04b8fd811ae748744c5efd60ec4cfc
SSDEEP

12288:CKGUeP2HpjVkdy8QgrS5ZZT4ifTy4gqVn2bK:jekVks9XT40Ty4nVn2bK

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
static1/unpack001/acd123090b9da814081c84b6dd84dfa6c479b71c.rl	upx

Files

acd123090b9da814081c84b6dd84dfa6c479b71c.rl.zip
.zip .ps1

Password: infected
acd123090b9da814081c84b6dd84dfa6c479b71c.rl
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_MyFunc1@4

Sections

UPX0
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 505KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE