7ff46af0a9903bc5401725e2d6ba4916a96ade16d3445c0334d1ae5cf749c469[.]exe[.]zip

General

Target

7ff46af0a9903bc5401725e2d6ba4916a96ade16d3445c0334d1ae5cf749c469.exe.zip
Size

1.9MB
MD5

61f56f0b4432fadd895832cee58f69d3
SHA1

81bb41a0311dc454699dcfbadfb86bd2a3c2e33e
SHA256

67ae2c25b0c6db650067d4e2d3a014201c8101bbf15a79ae640d1ee725f28da2
SHA512

be66fb3c85f8949f54f7986651c9e3c1948beeb683da678d655e0e776200f484f163b1b4949a91ee3a1b76d7288f0a3a3fa9e97bcc5187e2133a923c6e24a2ad
SSDEEP

49152:OlG0AZUJE+pIlBAITLSpIqsIOrS6DyhRbbh1Q:OpwUJxIPACepSIO26DyvZ1Q

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/7ff46af0a9903bc5401725e2d6ba4916a96ade16d3445c0334d1ae5cf749c469.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7ff46af0a9903bc5401725e2d6ba4916a96ade16d3445c0334d1ae5cf749c469.exe

7ff46af0a9903bc5401725e2d6ba4916a96ade16d3445c0334d1ae5cf749c469.exe.zip
.zip

Password: infected
7ff46af0a9903bc5401725e2d6ba4916a96ade16d3445c0334d1ae5cf749c469.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 272KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE