7b24e1100cf26836bdee9f4441a0d190-sample[.]zip

General

Target

7b24e1100cf26836bdee9f4441a0d190-sample.zip
Size

561KB
MD5

6e8cfef6e706ea8721dd6157692ee4aa
SHA1

f27100d4ae0cc7a709d59d46ffe9658346bc6c75
SHA256

cd25891454b9b01b1cea5404f647b1b4b24d4ca57b2ed751aa9f955dcf3808bd
SHA512

2665bda58a4d50f64920087ac671817bda63d0fcac0abab70b60d0896799807f5dfdbf01ea4c67363134d99ab2389be2b4205ac5f3b09d8fc3c14126daaa797a
SSDEEP

12288:+ecC1lpC6Vkz8kvqhyE+knAjDsnk2hs8s07gOEcNe3WulyTSzQ:+etRr+XWkEs07gOEQ1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/e059e0ce5cbd7a48c8d72d296fd96d56b2cd568c9f26598753393f19f1eb9352	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/e059e0ce5cbd7a48c8d72d296fd96d56b2cd568c9f26598753393f19f1eb9352
unpack002/out.upx

Files

7b24e1100cf26836bdee9f4441a0d190-sample.zip
.zip

Password: infected
e059e0ce5cbd7a48c8d72d296fd96d56b2cd568c9f26598753393f19f1eb9352
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 77.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 597KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 426KB - Virtual size: 76.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 842KB - Virtual size: 842KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 77.2MB

UPX1 Size: 597KB - Virtual size: 600KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 426KB - Virtual size: 76.8MB

.rsrc Size: 842KB - Virtual size: 842KB

.reloc Size: 25KB - Virtual size: 25KB

UPX0
Size: - Virtual size: 77.2MB

UPX1
Size: 597KB - Virtual size: 600KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 426KB - Virtual size: 76.8MB

.rsrc
Size: 842KB - Virtual size: 842KB

.reloc
Size: 25KB - Virtual size: 25KB