c76d066338877c15f0acf0004cc3393541fdc7a6697df4cc44e32a52c7edea6f[.]7z

General

Target

c76d066338877c15f0acf0004cc3393541fdc7a6697df4cc44e32a52c7edea6f.7z
Size

35KB
MD5

36b039e7b4947d47a13c96869d7d0901
SHA1

c8fd78a55e455ccef81c20c28c090f80546443a2
SHA256

77f5bd72a74295912bcecf02db0765c12aff52dd7c677cecbd3336701c40455f
SHA512

ebe9be2b79fe1cfc64a81a5428a667d682360ca777fb7106f77647d26d5b0221b6df89aed0290f10c7a19308fe36a42ad3290f83e002fedbc228120e2d1c3138
SSDEEP

768:3ybM4fS0nFBoBiQLA8rkG9K7FqYqHMflDeVvcfSVAi22A86Awk:N4f/J8rPEpqYlfBG6vAj

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/RansomHide.exe	upx

c76d066338877c15f0acf0004cc3393541fdc7a6697df4cc44e32a52c7edea6f.7z
.7z

Password: infected
RansomHide.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe .vbs windows x86