5dda95aae551653b518b198029c2d88d10e86889c39d7e9ab84c6e2d1a370bea[.]exe[.]zip

General

Target

5dda95aae551653b518b198029c2d88d10e86889c39d7e9ab84c6e2d1a370bea.exe.zip
Size

1.5MB
MD5

f73a3d0059956d6a88f89209fca7f9e8
SHA1

ad9e6d59149dfad6d379f58083cff30367ba3626
SHA256

a6212b4bc90d144dda517538d26e96762b4a3a11e1e904463f0ab5f37149787b
SHA512

edddf1ffa5241b2986a5a00e9d3f3e5cb5f4fc668cc1ab1bf12462dfc57ed48fa0a20fb1a089c6f20fe678232185d0343311a9a2a29b266289afadf790f69ab4
SSDEEP

49152:TBRkI7qOAJfJPzUhu1vNOdrCwe6kHloipyeMNzfYDApcq2a:dmRnkpCwe6kqmhKfXcqB

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/5dda95aae551653b518b198029c2d88d10e86889c39d7e9ab84c6e2d1a370bea.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5dda95aae551653b518b198029c2d88d10e86889c39d7e9ab84c6e2d1a370bea.exe
unpack002/out.upx

5dda95aae551653b518b198029c2d88d10e86889c39d7e9ab84c6e2d1a370bea.exe.zip
.zip

Password: infected
5dda95aae551653b518b198029c2d88d10e86889c39d7e9ab84c6e2d1a370bea.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 5.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 488KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ