discord[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

discord.zip
Size

4.3MB
MD5

1b38296a4c609eeab3a16fb0709f79a4
SHA1

08a22af2fc29f9f264ffe49a22a208ed4a0c89c7
SHA256

6f689fb8bc16c15ed4a19fe749c8659f7ef5311758c5a2790a03583ae98b1c51
SHA512

74bb54ebf12f2606be5b6a1b97ab1a1c3cdb59482994dcdfc4747425d1478c0ad7c3d99140e4c26be71dda96e714950620a5896d633df91100af377913d68057
SSDEEP

98304:CsxNMlgGZXyfYVrMqc+aGhMML7Rur7kz70p5UB0+T:Cs/MzZ+Crxc+aGaM/crYkpiBJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/635965506.exe	upx

Files

discord.zip
.zip

Password: infected
635965506.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 10.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE