check[.]zip | Triage

Sharing

General

Target

check.zip
Size

280KB
MD5

3317d2ce5a7742ba0f5279b3596742c6
SHA1

4043742ce48cf8881dee4b9ff2e8838708105078
SHA256

b24c4433381c66fc6f8c2c472e3d057127a9f9f7edda74fcf13c0c555c51c5e1
SHA512

09c727030070ee56946b9d5856f01ff74311f6b7a7443b3034d436f46519521bbbe3b54e4652aec3e37ff78f46caf9fc938db0bd7750580bcc292850b51ae141
SSDEEP

6144:xA3LAfCKINEw1Dg45NNgHODnzBpmirgZzd/L7/lNtRhoZ+TLZ5Ail:xwEwwuDnzs/ndNtRGaLH3l

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/0d6f715fc0728a081f26b8b46139318d862a34265727c91b5b786f33d1e375fb	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0d6f715fc0728a081f26b8b46139318d862a34265727c91b5b786f33d1e375fb

Files

check.zip
.zip

Password: infected
0d6f715fc0728a081f26b8b46139318d862a34265727c91b5b786f33d1e375fb
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 492KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE