49d5987b0828d284b850566ef238ed16f7cb4239cddbb27968abc2114a992ad9[.]exe[.]zip

General

Target

49d5987b0828d284b850566ef238ed16f7cb4239cddbb27968abc2114a992ad9.exe.zip
Size

149KB
MD5

9c7575549876c0a257d17c381994f797
SHA1

49bed92bbd2d89e4baabb35ce2331e3460b7c633
SHA256

005e18a006a70270c44b51dd0f981b26bf11d989f7ea852228cfebaeba66d723
SHA512

2d5275bf1bc4246d56cbe5677f1c807e309942fbae4fec50e16c4c81bf3c0c0b94c4fb972649ee4e566cb2394836f4b59c22d5d42433d757fb5940a4d7c03ce1
SSDEEP

3072:RqiA5iY5o0st9PoGhovVTp/oupVcpY7avCW+u9a5BEqRdUJJsU0LXT2DopD:RqR5fxO9Pos6VTp/orprvCWba5OqfjZf

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/49d5987b0828d284b850566ef238ed16f7cb4239cddbb27968abc2114a992ad9.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/49d5987b0828d284b850566ef238ed16f7cb4239cddbb27968abc2114a992ad9.exe
unpack002/out.upx

49d5987b0828d284b850566ef238ed16f7cb4239cddbb27968abc2114a992ad9.exe.zip
.zip

Password: infected
49d5987b0828d284b850566ef238ed16f7cb4239cddbb27968abc2114a992ad9.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ