69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34[.]exe[.]zip

General

Target

69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe.zip
Size

4.0MB
MD5

7c478458d1cde3730dff272d5e9cdf1e
SHA1

e2cd1032e451f878e75ec0afc4839b534493f431
SHA256

2ce9075df93d7328fc0153f268501b2cb034c545010dbd3056cfbffa77960c9e
SHA512

38c421dc693fb36e40ce61b39d04a4802408ad74b5d156c7159f0ca626640ba2cb9a2150789f84f56e927c136d6440199e6b9ed38760eb0a4d22cae8bfdad328
SSDEEP

98304:00jADsCUcqHmMzEHayrTXGFT7+mxzxlHi6HJe1PKH2e01GmXz:0skstGpHacTXGFH+mk6HlH2X1Gw

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe

69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe.zip
.zip

Password: infected
69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe
.exe windows:1 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 13.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE