MDE_File_Sample_219c0c75add6948b85f010beb0b02881e171b64097b4502e81e050e29cab5fd6[.]zip

General

Target

MDE_File_Sample_219c0c75add6948b85f010beb0b02881e171b64097b4502e81e050e29cab5fd6.zip
Size

2.7MB
MD5

e9ef8f2fba2d7b90db21f4b82fb23185
SHA1

6354d1349e36b440b782277106e9813d42d4aad5
SHA256

bf46991e1d09d08d03404cf409f4f54d4a96f156168730a5311a413b42852495
SHA512

1a6277a8c281542f887aaa8dedd973facfd535f9ae359364519105cb92111a3ab1cecd6bf941198b2493bcbd37193cc7664faa8fd7558f49a820f6f13cd35d31
SSDEEP

49152:BVX/LTK0wOJnQfTcPg5oLKYP5nboLdHssYoeK0VLZ8+9KFH3JfUhtop5UWn2Y4Kd:B16TOJuug2YtkK0z/MJwtw4Kd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/USBDisplayLauncher.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/USBDisplayLauncher.exe
unpack002/out.upx

Files

MDE_File_Sample_219c0c75add6948b85f010beb0b02881e171b64097b4502e81e050e29cab5fd6.zip
.zip

Password: infected
USBDisplayLauncher.exe
.exe windows:5 windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 3.5MB

UPX1 Size: 2.7MB - Virtual size: 2.7MB

.rsrc Size: 46KB - Virtual size: 48KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 5KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 3.5MB

UPX1
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 46KB - Virtual size: 48KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 5KB - Virtual size: 4KB