d9f662c6a1d5f00b46102c016dc39ce4e62105271cdbda6ed8d094940b50e319[.]exe[.]zip

General

Target

d9f662c6a1d5f00b46102c016dc39ce4e62105271cdbda6ed8d094940b50e319.exe.zip
Size

273KB
MD5

1a391fb6a581d0072ee77ad2b80dc8ba
SHA1

f74ea2d9e54f5714b63b45932d511cbca396374e
SHA256

7fafc5f53038b8d67f85487e8ea55ed1d745fac12c2f311294d07574249ecd7f
SHA512

ec661e2e512a5f049221bc48f0f29c036b2b88b49e5fc705abf9394e94695b98dcb98ec3cf3079db2c609e878e705bae4f6a2607892277fb01d2bc1389c7bcc6
SSDEEP

6144:9GkLvp2b42eMbA/+ZvXlYGllkwKp2yP0UjGv7z:kmR2bHNe+Llg0mmz

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/d9f662c6a1d5f00b46102c016dc39ce4e62105271cdbda6ed8d094940b50e319.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d9f662c6a1d5f00b46102c016dc39ce4e62105271cdbda6ed8d094940b50e319.exe
unpack002/out.upx

d9f662c6a1d5f00b46102c016dc39ce4e62105271cdbda6ed8d094940b50e319.exe.zip
.zip

Password: infected
d9f662c6a1d5f00b46102c016dc39ce4e62105271cdbda6ed8d094940b50e319.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 512KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ