ecbd7d53bc8532425b8524f0a374b21b0e5fa80f48ca15b0f3d8989780323db3[.]exe[.]zip

General

Target

ecbd7d53bc8532425b8524f0a374b21b0e5fa80f48ca15b0f3d8989780323db3.exe.zip
Size

535KB
MD5

9b81a968e11c905107b6ba0c1b63295c
SHA1

09d39d6cdfff72bd8956846b54ffdc47683896a7
SHA256

227f0c4eb736de4f02c652815b2d5b53c5dcd755848c4f8c0ec9a2bee7a9d282
SHA512

587dcc543aca98234dc2abeea90632e9cfc4f9e3f5304d81dbaf7d7e9960040dbcab0b5e68325161fe37992551eeedcfe97148b91cf21c89e26b4dd942fe0164
SSDEEP

12288:Z38gZOpzMCTf4rde9uzc2EPdGLpcxq7kxG4a+FK:Z38g6N45xCspcxq+9a+4

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/ecbd7d53bc8532425b8524f0a374b21b0e5fa80f48ca15b0f3d8989780323db3.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ecbd7d53bc8532425b8524f0a374b21b0e5fa80f48ca15b0f3d8989780323db3.exe
unpack002/out.upx

ecbd7d53bc8532425b8524f0a374b21b0e5fa80f48ca15b0f3d8989780323db3.exe.zip
.zip

Password: infected
ecbd7d53bc8532425b8524f0a374b21b0e5fa80f48ca15b0f3d8989780323db3.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 524KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 516KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

createInstance

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ