991ca71a98071a3e92e9355317d86ad2b0b95f603cdd7198d801ee5ffb74aac9[.]exe[.]zip

General

Target

991ca71a98071a3e92e9355317d86ad2b0b95f603cdd7198d801ee5ffb74aac9.exe.zip
Size

27KB
MD5

e20f44b94b5a7931a43eb78755135ec0
SHA1

20a25e6b02b5f52d4a7e1a26787a1668c460be85
SHA256

f91d71c9c0ec3b34a0a3f325ad3f60247a6a7ccf08283ce83f2c2773008d4871
SHA512

30dda0a2a28d6c4fe8c103c23263e6b9743fcc65c5b94f986351ad7a867ff78b68877aa6e35f29078c157026bbe8eb0b1d2588571b54ffc8c2b3fb86fbcb34cf
SSDEEP

384:AbR7+FgdUte6lK7+2/lsdio2dxOK1x/1Ac6YIdIyoLhAvkxTlS7Stev/3f3EcHmY:2RdTn1yS/1bAdD7Stev301JOz3B

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/991ca71a98071a3e92e9355317d86ad2b0b95f603cdd7198d801ee5ffb74aac9.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/991ca71a98071a3e92e9355317d86ad2b0b95f603cdd7198d801ee5ffb74aac9.exe

991ca71a98071a3e92e9355317d86ad2b0b95f603cdd7198d801ee5ffb74aac9.exe.zip
.zip

Password: infected
991ca71a98071a3e92e9355317d86ad2b0b95f603cdd7198d801ee5ffb74aac9.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE