d5076c00baa22b470b50a8671401a33429e95d156cc97092e1221fbca39b305b[.]exe[.]zip

General

Target

d5076c00baa22b470b50a8671401a33429e95d156cc97092e1221fbca39b305b.exe.zip
Size

1.2MB
MD5

1227dfceae8c965e322c684472037212
SHA1

c59ba38960c3696b183dccf62e5b5ba02e188ab2
SHA256

943ecd9fb3aa481b555cab29a8aa06ea58963e0038ffab43d42dd55f38411979
SHA512

9ec6078ce1dbaf885012e7a01b180e38db3c661283c93c1b37d0db53d0130c02881c3fb555e52cb00ef494c0bf4862de69d8138e15d5ef4b9ac0fbf47649bba0
SSDEEP

24576:BzzrsdzcJ4kMLtD88SwLUkgRaKz1dvO6zlDjr9PQkcm:5zrsRQ4kaD88Swtuz66zlDj5Pl

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/d5076c00baa22b470b50a8671401a33429e95d156cc97092e1221fbca39b305b.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d5076c00baa22b470b50a8671401a33429e95d156cc97092e1221fbca39b305b.exe

d5076c00baa22b470b50a8671401a33429e95d156cc97092e1221fbca39b305b.exe.zip
.zip

Password: infected
d5076c00baa22b470b50a8671401a33429e95d156cc97092e1221fbca39b305b.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE