e4ae06b27af32a1ec1890f9327a2d440cab5b897e6fceccf219583e73e998542[.]exe[.]zip

General

Target

e4ae06b27af32a1ec1890f9327a2d440cab5b897e6fceccf219583e73e998542.exe.zip
Size

648KB
MD5

7a10b3cd762ce4bae19f28f16c68b71b
SHA1

4f9a50de3b3cc959cbe42b1dc35c3a8ba4e3c8b7
SHA256

1d5e4145a455a1c44433d2509ee91263d0a6764a57ff667674386f297a3f5e79
SHA512

667b166d875c5b0b36abf88fec4b62cda66052856dc66936ed76322c228ff0e466507617f16fcef3606142e4d417271d7c8a10f1a34f98bbda56ef066d27fefd
SSDEEP

12288:SSgFHy3g3cBWTV4+icXWHeoGUzttCjKbrQ1fYfak4vm+fiVD5kyxM5ekG7Jwa:0S3g3cUV4+7Xta5wjKYd04eeiNGyxM5K

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/e4ae06b27af32a1ec1890f9327a2d440cab5b897e6fceccf219583e73e998542.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e4ae06b27af32a1ec1890f9327a2d440cab5b897e6fceccf219583e73e998542.exe

e4ae06b27af32a1ec1890f9327a2d440cab5b897e6fceccf219583e73e998542.exe.zip
.zip

Password: infected
e4ae06b27af32a1ec1890f9327a2d440cab5b897e6fceccf219583e73e998542.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 320KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 671KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE