0[.]rl[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0.rl.zip
Size

3.8MB
MD5

fb004466db072e73816524bbf694ef29
SHA1

13b56c5c65ebb43b0ac6cc98034e28ea5993c3f4
SHA256

2b86b1c80cbeea6f4bd9488a4af8c2031a7a12e2790891307856f8e9834d9d50
SHA512

bf2ac86ab0b8e1f2bd30877715e7d60af59d4ce7826630f94c971138af8a2d90ccca07ad510c0e5ee0eccb4e39a552b34beccd2907c0cd46b95947fa58ae1284
SSDEEP

98304:v/2TMLW/5qI8gEcJr9JFEZsgqJZmWty1SgI5GXLa:n/Wf8glJrzcQ61IoXe

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/57cfa261b96350b6df8f9fbbb5dea6f89070cdee.rl	upx

Files

0.rl.zip
.zip

Password: infected
57cfa261b96350b6df8f9fbbb5dea6f89070cdee.rl
.exe windows x86

Password: threatbook

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE