63f900dba09b964a88ae8a28c2b703a96c6e876a1e5069d912199ca75d153016[.]exe[.]zip

General

Target

63f900dba09b964a88ae8a28c2b703a96c6e876a1e5069d912199ca75d153016.exe.zip
Size

294KB
MD5

d28d95e89c8bbd9ce686c9cffff62710
SHA1

76fd8df0969f1c8004776e03ca323072bdaa19f1
SHA256

2b290e55cbf03bc5052ecb1ff73c37a5899c4c94fb6f50b2b232dd93c0cdb471
SHA512

598b9e8fcafc990fe3d198db41130b496c91dc61fc27b583d21c2a81360809e1429cae83ac5e74004bcd976d4f72edd2e5304a6858568ca48e390574ee3a0c9a
SSDEEP

6144:w9REmG4LeRqHsaRp4cgOEJvb/CHEp5YJG08DuUOs2rEiyo0ISY14Ht:wQm9yAsK4cej/mcYJG5H2oiyoqN

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/63f900dba09b964a88ae8a28c2b703a96c6e876a1e5069d912199ca75d153016.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/63f900dba09b964a88ae8a28c2b703a96c6e876a1e5069d912199ca75d153016.exe

63f900dba09b964a88ae8a28c2b703a96c6e876a1e5069d912199ca75d153016.exe.zip
.zip

Password: infected
63f900dba09b964a88ae8a28c2b703a96c6e876a1e5069d912199ca75d153016.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 712KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 289KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE