11237636323[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11237636323.zip
Size

3.1MB
MD5

b74d0908f881543e7666ce91a88cbe1e
SHA1

b076dc7f2f87adb80546a6f1ceedd147b049c7eb
SHA256

7d4854652dc2d134bf5f181cb0134249c1c4473f29b58e90c1eb712fc43b5397
SHA512

c827f60ff8594a25a35e04f9073fa63b303be94fbf523742d531fd30c7f73225c63af80cf246730ad60921e1758c5c637b51ae818d00ea48e7e116540905b315
SSDEEP

98304:ArcUJVO+U6QrgUIdjvvxXNBTQD/MAIAGoCthBVdN:iZV1QrgtdjBTIMAnQtpdN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/afcb3f1d2c2222799e12036f42a6bc823553d39a891bfa5b2d34cd6fe7ec2a09	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/afcb3f1d2c2222799e12036f42a6bc823553d39a891bfa5b2d34cd6fe7ec2a09

Files

11237636323.zip
.zip

Password: infected
afcb3f1d2c2222799e12036f42a6bc823553d39a891bfa5b2d34cd6fe7ec2a09
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_pyi_bootstrap.pyc
a2.pyc
pyi_carchive.pyc