5b56c5d86347e164c6e571c86dbf5b1535eae6b979fede6ed66b01e79ea33b7b[.]zip

General

Target

5b56c5d86347e164c6e571c86dbf5b1535eae6b979fede6ed66b01e79ea33b7b.zip
Size

212KB
MD5

f62feba069adc867afa50b3affeff7d0
SHA1

5fbb62212f1344736f647e61b5ccc4b5a2b16e10
SHA256

5222785d721ce9f856d31d7088406589c3afe28256bef0a6fb6214aa8962b722
SHA512

d4fa8448d2eb5c2468e212eab0bba86daaa384e242e418470426e0173ee6fa67d2ff0e9cd9963b21efd00afab19ffc8a0430e34271a78adf762f8d2a4950f823

Score

8^/10

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

Processes:

resource	yara_rule
static1/unpack001/5b56c5d86347e164c6e571c86dbf5b1535eae6b979fede6ed66b01e79ea33b7b.exe	patched_upx

5b56c5d86347e164c6e571c86dbf5b1535eae6b979fede6ed66b01e79ea33b7b.zip
.zip

Password: infected
5b56c5d86347e164c6e571c86dbf5b1535eae6b979fede6ed66b01e79ea33b7b.exe
.exe windows x64

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

pppp
Size: - Virtual size: 276KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cccc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE