0bb240c047926bc2e72a49fccde5215729e327e4b501cba8ebb682b57833ca42[.]exe[.]zip

General

Target

0bb240c047926bc2e72a49fccde5215729e327e4b501cba8ebb682b57833ca42.exe.zip
Size

11.7MB
MD5

b2b40b919953666afda322c398ae05af
SHA1

3e405b36465a7775b685d3fd36945428579c5286
SHA256

f5e03258a796e4b950cc1b1d59d1b90b219185476879f44a1f6e4075f07c04e7
SHA512

071281c4dc741c0c0557844695251265507907e33a7c96d094ed662d2ca4961498a74052bef44c00f2e2b8524c9a52a1f757443bfd7c6596077cb8f0c1aba35a
SSDEEP

196608:Earieo9ynj/d+x2olkmubvIT9Bwgak32CC1hR3nfMA5byPzy:Keoij0akvTbC1hRPdwzy

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/0bb240c047926bc2e72a49fccde5215729e327e4b501cba8ebb682b57833ca42.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0bb240c047926bc2e72a49fccde5215729e327e4b501cba8ebb682b57833ca42.exe

0bb240c047926bc2e72a49fccde5215729e327e4b501cba8ebb682b57833ca42.exe.zip
.zip

Password: infected
0bb240c047926bc2e72a49fccde5215729e327e4b501cba8ebb682b57833ca42.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1020KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 629KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xur
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE