MDE_File_Sample_c27fabacd332ae18e55e52300f136ed755c99d63[.]zip

General

Target

MDE_File_Sample_c27fabacd332ae18e55e52300f136ed755c99d63.zip
Size

1.4MB
MD5

0b02150bfb72fd1c3ff7fca5237cd6cb
SHA1

66e60b2fcdbbebb42479d1cc5153f6b6a52e8524
SHA256

600f0b87c92255cf82801a3b19f5abd1d65be8fe6fd33d039dc5ccd477f50a7c
SHA512

6610efc7e74c81deb08c4810c0c784dfad278dcf20efdec28a4709f29f4fd90207ca4091bccb18cfd897f15aa8af578db444ab4b568009fca9ec6e9001016ac0
SSDEEP

24576:Pix7IOzVKHERZHSGPnpb4iwM0BeOVAEvtHWimHREftuP/NBgDAbKLzlO5o2c:a1IOsHUp5vh2MnfEvt2pnlBwf3s5oB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Reader_Install_Setup.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Reader_Install_Setup.exe
unpack002/out.upx

Files

MDE_File_Sample_c27fabacd332ae18e55e52300f136ed755c99d63.zip
.zip

Password: pass123
Reader_Install_Setup.exe
.exe windows:5 windows x86

Password: pass123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_CreateProcessWithTokenW@36

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: pass123

Password: pass123

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.9MB

UPX1 Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 19KB - Virtual size: 20KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 504KB - Virtual size: 504KB

.data Size: 28KB - Virtual size: 47KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 170KB - Virtual size: 170KB

UPX0
Size: - Virtual size: 2.9MB

UPX1
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 19KB - Virtual size: 20KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 504KB - Virtual size: 504KB

.data
Size: 28KB - Virtual size: 47KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 170KB - Virtual size: 170KB