821bb99181585cf443863e13538fd5a6aea755040f267e4511d78e237a38b670[.]exe[.]zip

General

Target

821bb99181585cf443863e13538fd5a6aea755040f267e4511d78e237a38b670.exe.zip
Size

804KB
MD5

4c2c9fbc6adff2bc9e3575b53e9fa1ad
SHA1

3397ebb9174db68d28acac497aa50fc4b9775afa
SHA256

fc60616f0238ce6b648c673a6ccb04fb906190f555e7e755f734e01c7f2201e8
SHA512

954d1abe88f5f646eb1a540790a3a439fa8e48e53176231940eb8a6054117e5497a4f166c0404ff1876c497a198dd686264ce9930b9f2320db614661743a7502
SSDEEP

24576:XOb6HGHzb1QUpJwpJQqtQ00kD5Q/TlON0:XS6HGHzb1QhOqu0KTkN0

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/821bb99181585cf443863e13538fd5a6aea755040f267e4511d78e237a38b670.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/821bb99181585cf443863e13538fd5a6aea755040f267e4511d78e237a38b670.exe
unpack002/out.upx

821bb99181585cf443863e13538fd5a6aea755040f267e4511d78e237a38b670.exe.zip
.zip

Password: infected
821bb99181585cf443863e13538fd5a6aea755040f267e4511d78e237a38b670.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 799KB - Virtual size: 800KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ