07c9mfhe[.]zip | Triage

Sharing

General

Target

07c9mfhe.zip
Size

84KB
MD5

6a7e954ed95b010ef5c794048434f322
SHA1

712af7bfb306fbc24af7179c6d35ea2b2e7b0298
SHA256

85aa377a7cb02813b4125fc5cb83e7cd96df79d628cce77eb876e01eea8cd276
SHA512

e13ceb46c14442cb0ad1f221fa9f2c4846ac8802f684ac6cbd1785ef4d0887002267d31a11e94d160b0a69368ab52d92b088268545bff0ed769ac47ec6e9eb20
SSDEEP

1536:krz1iK3+zEEON7ov2qftI28JpGJTrGBG55fNqcvnwF1uF9O:k3OzE7dY+JJoJTCW5dnwF1uF9O

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
static1/unpack001/QQkjmmpjq/QQ�ռ��ƽ��/QQ�ռ��ƽ��.exe	upx

Files

07c9mfhe.zip
.zip
QQkjmmpjq/QQ�ռ��ƽ��/##��ע��##.txt
QQkjmmpjq/QQ�ռ��ƽ��/77169.org��˵��.htm
.html
QQkjmmpjq/QQ�ռ��ƽ��/77169.orgʹ�ð��˵��.txt
QQkjmmpjq/QQ�ռ��ƽ��/QQ�ռ��ƽ��.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQkjmmpjq/QQ�ռ��ƽ��/��ĺڿ�ͬ��.url
.url