f6e603d61e5785e6b0fcbdbab7ec3d7c6a23707d03b10551afa8ad2a98ecd0cf[.]exe[.]zip

General

Target

f6e603d61e5785e6b0fcbdbab7ec3d7c6a23707d03b10551afa8ad2a98ecd0cf.exe.zip
Size

225KB
MD5

bde3aae9ffa1aa7640fd794b710a409c
SHA1

2253b97eaa70b921c15ea79513234385d6c4c14c
SHA256

932f785349e92f1dbdeeb5de2f81d92238ba23d58d0c2c720500cf1bde6f287f
SHA512

d26a2463994a32f760e8e2f7eccb214684f11cdb4eb02404ce8cfaa6000201296e718046b5d84b1d7e33350b1ba0ccd050e2fcb929f205a9dc5c32aefe1ea576
SSDEEP

6144:2TQnVh2vgf3tM4pDXZXzgtmHrOvEvTEW8:2iVnO2XzgM61W8

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/f6e603d61e5785e6b0fcbdbab7ec3d7c6a23707d03b10551afa8ad2a98ecd0cf.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f6e603d61e5785e6b0fcbdbab7ec3d7c6a23707d03b10551afa8ad2a98ecd0cf.exe
unpack002/out.upx

f6e603d61e5785e6b0fcbdbab7ec3d7c6a23707d03b10551afa8ad2a98ecd0cf.exe.zip
.zip

Password: infected
f6e603d61e5785e6b0fcbdbab7ec3d7c6a23707d03b10551afa8ad2a98ecd0cf.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 225KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 336KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ