635d970c35bc126cc3bfa2c77c944290f7b7255a5c36391479e168df94940949[.]exe[.]zip

General

Target

635d970c35bc126cc3bfa2c77c944290f7b7255a5c36391479e168df94940949.exe.zip
Size

164KB
MD5

6fc34c9a2d87fa574be9ed6b92d8bc72
SHA1

49da66ebd9ba50782ba65e4a9af5c64b6fd96aea
SHA256

585655b001250ca22fe25fdeef0778f4544c87ea2df1dbc8d515641696ff026e
SHA512

86d9f480ec8f2ad09ed3831f6cda32c61914c4918109fb760feb58f495cd7c5bcaaf210e8531412768331174bbe15727d682f9d06176c39459190eff445e3f87
SSDEEP

3072:owYoxEE9oP2WPPqjqLxGs9/txgHEQGIreHR8jqmsnUFY:olE9oPpPqOLT/txtQaH6jqC2

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/635d970c35bc126cc3bfa2c77c944290f7b7255a5c36391479e168df94940949.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/635d970c35bc126cc3bfa2c77c944290f7b7255a5c36391479e168df94940949.exe

635d970c35bc126cc3bfa2c77c944290f7b7255a5c36391479e168df94940949.exe.zip
.zip

Password: infected
635d970c35bc126cc3bfa2c77c944290f7b7255a5c36391479e168df94940949.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 126KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE